Jump to

• Request
• Response
• Examples

Initiate Authentication Using a Remote IdP

post

/sso/v1/sdk/secure/idp

Request

Supported Media Types

• multipart/form-data

Body ()

Root Schema : schema

Type: object

Show Source

• authorization: string
  Authorization Bearer Token that was generated / used for previous authentication call to the /authenticate endpoint
• clientId(required): string
  ClientId of the trusted application that initiates the authentication. If the trusted application that initiates the authentication and the custom UI application are the same, then this should be the clientId of the custom UI application
• idpId(required): string
  Id of the selected Identity Provider
• idpName(required): string
  Name of the selected Identity Provider
• idpType(required): string
  Type of the selected Identity Provider
• requestState(required): string
  RequestState that was obtained in the previous authentication call to the /authenticate endpoint

{
    "type":"object",
    "properties":{
        "requestState":{
            "description":"RequestState that was obtained in the previous authentication call to the /authenticate endpoint",
            "type":"string"
        },
        "idpId":{
            "description":"Id of the selected Identity Provider",
            "type":"string"
        },
        "idpName":{
            "description":"Name of the selected Identity Provider",
            "type":"string"
        },
        "idpType":{
            "description":"Type of the selected Identity Provider",
            "type":"string"
        },
        "authorization":{
            "description":"Authorization Bearer Token that was generated / used for previous authentication call to the /authenticate endpoint",
            "type":"string"
        },
        "clientId":{
            "description":"ClientId of the trusted application that initiates the authentication. If the trusted application that initiates the authentication and the custom UI application are the same, then this should be the clientId of the custom UI application",
            "type":"string"
        }
    },
    "required":[
        "requestState",
        "idpId",
        "idpName",
        "idpType",
        "clientId"
    ]
}

Back to Top

Response

303 Response

Redirect to the social identity provider or display an error message.

Back to Top

Examples

The following examples show how to initiate authentication using a remote Identity Provider (IdP). The user selects the external SAML/SOCIAL IdP that they want to use to authentication from the custom sign-in page that appears. The custom sign-in page must construct and then submit the required information for the selected IdP as an HTML FORM POST to the /sso/v1/sdk/secure/idp endpoint. For this step, the following attributes must be included:

• requestState: request state
• idpName: name of the IdP
• idpType: type of IdP (in this example, it is SOCIAL)
• idpId: id of the IdP
• appName: name of the app that the client wants access to
• clientID: client ID of the application the browser is attempting to access
• authorization: parameter required for secure Idp

You must first start the authentication flow before selecting a social/SAML identity provider. The requestState, idpName, idpType, and idpId attributes are part of the authentication flow response. See Authenticating with a Social Identity Provider and Authenticating with an External SAML Identity Provider.

Example HTML Form POST Code

The following JavaScript example shows how to select the social IdP:

var addParamValues = function(myform, value, paramName) {
    if (value !== null && value !== 'undefined') {
        param = document.createElement("input");
        param.value = value;
        param.name = paramName;
        myform.appendChild(param);
    }
};
 
var chooseRemoteIDP = function(name, idpId, type) {
    var myform = document.createElement("form");
    myform.action = GlobalConfig.idcsBaseURL + "/sso/v1/sdk/secure/idp";
    myform.method = "post";
    <%
        Credentials creds = CredentialsList.getCredentials().get(attr);
        String clientId = creds.getId();
    %>
    var clientId = '<%=clientId%>';
    addParamValues(myform, name, "idpName");
    addParamValues(myform, type, "idpType");
    addParamValues(myform, idpId, "idpId");
    addParamValues(myform, clientId, "clientId");
    addParamValues(myform, authorization, "accesstoken")
    addParamValues(myform, GlobalConfig.requestState, "requestState");
    document.body.appendChild(myform);
    myform.submit();
};
 
var activateIdp = function(name, idpId) {
    chooseRemoteIDP(name, idpId, "SAML");
};
 
var activateSocialIdp = function(name, idpId) {         
    chooseRemoteIDP(name, idpId, "SOCIAL");
};

Example of a Request Body When Initiating Authentication Using a Remote IdP

The following example shows the contents of the request body in FORM POST format when initiating authentication using a social IdP to the /sso/v1/sdk/secure/idp endpoint:

requestState=value&idpName=value&idpType=SOCIAL&idpId=value&appName=name&clientID=value&authorization=accesstoken

Example of a Response Body When Initiating Authentication Using a Remote IdP

The following example shows the contents of the HTML response:

HTTP/1.1 302 See Other
Date: Tue, 30 Oct 2018 04:40:05 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Location: https://tenant-base-url/idp/sso
Set-cookie: ORA_OCIS_REQ_1=+fxgW2P7bgQayiki5P;Version=1;Path=/;Secure;HttpOnly
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-xss-protection: 1; mode=block
X-content-type-options: nosniff

Back to Top