This 11g Release 2 (11.1.2.2) of the integrated Identity Federation provides the ability to be configured as a Service Provider (SP) or an Identity Provider (IdP). Following this provider definition, remote providers (whether service or identity) partnered in Federation SSO need to be managed as well. Towards this end, Identity Federation developed the configuration hierarchy concepts of a partner and a partner profile.
A partner profile refers to settings specific to a partner type (IdP or SP) or a protocol version (SAML 2.0, SAML 1.1, OpenID 2.0). It is a configuration group that represents a sets of common properties that apply to all partners that reference it. It contains mostly secondary configuration objects such as Authentication Method mappings, cryptographic settings (SHA-1 vs SHA-256) and the like.
A partner refers to the configuration for a specific organization partnered in the Federation SSO process. Each partner is associated with a partner profile. The partnerprofileid property in a Partner entry defines the partner profile to which this partner is assigned. If the partnerprofileid property is not defined, the default Partner Profile for the Partner (based on the Partner type and the Partner protocol) will be used.
All Partners associated with the same Partner Profile will share its defined settings unless they are specifically overridden for a partner at the Partner configuration level. A Partner configuration overrides a Partner Profile configuration which, in turn, overrides a global configuration.
Partner profiles are only manageable using WLST commands. Each new partner created will be bound to one of the default partner profiles listed in Table 38-1. To assign a new partner profile to a partner, use the setFedPartnerProfile() WLST command after creating the partner.
See Using WLST for Identity Federation Administration.
Table 38-1 Default Partner Profiles
| Default Partner Profile | Description |
|---|---|
|
saml20-idp-partner-profile |
SAML 2.0 Partner Profile for IdP partners |
|
saml20-sp-partner-profile |
SAML 2.0 Partner Profile for SP partners |
|
saml11-idp-partner-profile |
SAML 1.1 Partner Profile for IdP partners |
|
saml11-sp-partner-profile |
SAML 1.1 Partner Profile for SP partners |
|
openid20-idp-partner-profile |
OpenID 2.0 Partner Profile for IdP partners |
|
openid20-sp-partner-profile |
OpenID 2.0 Partner Profile for SP partners |