Creating an Identity Provider Partner

An identity provider is responsible for managing, authenticating, and asserting a set of user identities for its service provider partners. For the Identity Federation service to perform SSO with an external identity provider, that identity provider must be defined as a trusted partner.

To create an Identity Provider Partner:

  1. In the Launch Pad tab, under Identity Federation, click Service Provider Administration.
  2. In the Service Provider Administration tab, click Create Identity Provider Partner.
  3. In the Create Identity Provider Partner tab, under General, complete the following:
    1. In the Name field, enter a unique name for the identity provider partner.

      For example, FederatedProviderPartner

    2. In the Description field, enter a unique description for the identity provider partner.
    3. Select the Enable Partner check box.
    4. Deselect the Default Identity Provider Partner check box.
  4. In the Create Identity Provider Partner tab, under Service Information, complete the following:
    1. In the Protocol list, select SAML 2.0.
    2. For Service Details, select Load from provider metadata.
    3. For Metadata File, click Browse and then select a metadata file.

      Note: The XML metadata file should be provided by the identity provider (IdP) itself.

  5. In the Create Identity Provider Partner tab, under User Mapping, complete the following:
    1. In the User Identity Store list, select the identity store that you created in Creating an Identity Store for Account Linking.

      For example, FederationStore

    2. Select the Map assertion Name ID to User ID Store attribute option.
    3. In the Map assertion Name ID to User ID Store attribute field, enter the LDAP attribute that identifies the unique login ID for your users. This must match the value defined in Creating an Identity Store for Account Linking.
    4. Click Save.
  6. In the identity provider partner tab, complete the following:

    Notes:

    • This tab opens automatically after you save the identity provider partner that you create.
    • The tab is named after the identity provider partner name that you entered.
    1. Click Create Authentication Scheme and Module.

      Note: The name of the authentication scheme and module is a combination of the name of the identity provider that you created with either FederationScheme or FederationModule appended to it.

      For example, FederatedProviderPartnerFederationScheme or FederatedProviderPartnerFederationModule

    2. In the Advanced pane, complete the following:
      • Select Enable global logout.
      • Select HTTP POST SSO Response Binding.
      • In the Authentication Request NameID Format list, select None.
    3. Click Save.
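Before you browse to the metadata file in step 4, it helps to confirm that the file really is identity provider metadata and carries the fields the rest of this procedure relies on: an entityID, a signing certificate (so the service provider can verify assertions), a single sign-on endpoint, and a single logout endpoint (otherwise Enable global logout in step 6 has nothing to call). The advertised NameIDFormat values are also worth reading before choosing the User Mapping attribute in step 5. The following Python script is an added example, not part of the Oracle documentation or of the Oracle Access Manager product; the sample metadata, entity ID, endpoint URLs and certificate bytes in it are constructed placeholders, and the checks it applies are the author's own reading of what this procedure needs.

```python
# Added example (not from the Oracle documentation): a pre-flight check for the
# IdP metadata file loaded in step 4 of the procedure. Standard library only.
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed stand-in for the base64 DER certificate a real IdP would publish.
PLACEHOLDER_CERT_B64 = base64.b64encode(
    b"constructed placeholder, not a real certificate").decode()

# Constructed sample metadata; entityID and endpoint URLs are made-up values.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{PLACEHOLDER_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT_BINDING}"
        Location="https://idp.example.test/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="{REDIRECT_BINDING}"
        Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService Binding="{POST_BINDING}"
        Location="https://idp.example.test/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def summarize_idp_metadata(xml_text):
    """Parse IdP metadata and return the fields that matter for the partner setup."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError(f"expected md:EntityDescriptor, got {root.tag}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        # Service provider metadata carries only an SPSSODescriptor; loading it
        # into the identity provider partner would be the wrong file.
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")
    signing_certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # Per the metadata schema, a KeyDescriptor without 'use' serves both uses.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            text = "".join((cert.text or "").split())  # PEM-style line breaks are common
            if not text:
                continue
            # validate=True rejects anything that is not strict base64.
            signing_certs.append(base64.b64decode(text, validate=True))
    endpoints = lambda tag: {e.get("Binding"): e.get("Location")
                             for e in idp.findall(tag, NS)}
    return {
        "entity_id": root.get("entityID"),
        "sso": endpoints("md:SingleSignOnService"),
        "slo": endpoints("md:SingleLogoutService"),
        "nameid_formats": [e.text.strip() for e in idp.findall("md:NameIDFormat", NS) if e.text],
        "signing_certs": signing_certs,
        "wants_signed_requests": idp.get("WantAuthnRequestsSigned") == "true",
    }


def check_for_partner_setup(summary):
    """Return the problems a reviewer would raise before loading the file; [] means usable."""
    problems = []
    if not summary["entity_id"]:
        problems.append("EntityDescriptor has no entityID")
    if not summary["signing_certs"]:
        problems.append("no signing certificate: assertion signatures cannot be verified")
    if not summary["sso"]:
        problems.append("no SingleSignOnService endpoint")
    if not summary["slo"]:
        problems.append("no SingleLogoutService endpoint: global logout has nothing to call")
    for location in list(summary["sso"].values()) + list(summary["slo"].values()):
        if not (location or "").startswith("https://"):
            problems.append(f"endpoint is not HTTPS: {location}")
    return problems


if __name__ == "__main__":
    s = summarize_idp_metadata(SAMPLE_METADATA)
    print("entityID:", s["entity_id"])
    print("NameID formats advertised:", s["nameid_formats"])
    print("SSO bindings:", sorted(s["sso"]))
    print("problems:", check_for_partner_setup(s) or "none")
```

Run it against the real file by replacing SAMPLE_METADATA with the file's contents; a non-empty problem list means the file should go back to the IdP administrator before step 4, and the NameIDFormat list tells you whether the assertion's Name ID will plausibly carry the login attribute you enter in step 5.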

Related Topics

Configuring Oracle Access Manager for Federated Identity Using SAML 2.0

Enabling Identity Federation

Creating an Identity Store for Account Linking

Exporting SAML 2.0 Service Provider Metadata

Creating a SAML Authentication Policy

Assigning an Authentication Policy to Application Resources

Copyright © 1999, 2020

Last Published Thursday, December 10, 2020