Initiate Authentication Using a Remote IdP
/sso/v1/sdk/secure/idp
Request
- multipart/form-data
object
-
authorization:
string
Authorization Bearer Token that was generated / used for previous authentication call to the /authenticate endpoint
-
clientId(required):
string
ClientId of the trusted application that initiates the authentication. If the trusted application that initiates the authentication and the custom UI application are the same, then this should be the clientId of the custom UI application
-
idpId(required):
string
Id of the selected Identity Provider
-
idpName(required):
string
Name of the selected Identity Provider
-
idpType(required):
string
Type of the selected Identity Provider
-
requestState(required):
string
RequestState that was obtained in the previous authentication call to the /authenticate endpoint
Response
303 Response
Examples
/sso/v1/sdk/secure/idp
endpoint. For this step, the
following attributes must be included:
requestState:
request stateidpName:
name of the IdPidpType:
type of IdP (in this example, it is SOCIAL)idpId:
id of the IdPappName:
name of the app that the client wants access toclientID:
client ID of the application the browser is attempting to accessauthorization:
parameter required for secure Idp
You must first start the authentication flow before selecting a social/SAML identity
provider. The requestState
, idpName
,
idpType
, and idpId
attributes are part of the
authentication flow response. See Authenticating with a Social Identity Provider and Authenticating with an
External SAML Identity Provider.
Example HTML Form POST Code
var addParamValues = function(myform, value, paramName) {
if (value !== null && value !== 'undefined') {
param = document.createElement("input");
param.value = value;
param.name = paramName;
myform.appendChild(param);
}
};
var chooseRemoteIDP = function(name, idpId, type) {
var myform = document.createElement("form");
myform.action = GlobalConfig.idcsBaseURL + "/sso/v1/sdk/secure/idp";
myform.method = "post";
<%
Credentials creds = CredentialsList.getCredentials().get(attr);
String clientId = creds.getId();
%>
var clientId = '<%=clientId%>';
addParamValues(myform, name, "idpName");
addParamValues(myform, type, "idpType");
addParamValues(myform, idpId, "idpId");
addParamValues(myform, clientId, "clientId");
addParamValues(myform, authorization, "accesstoken")
addParamValues(myform, GlobalConfig.requestState, "requestState");
document.body.appendChild(myform);
myform.submit();
};
var activateIdp = function(name, idpId) {
chooseRemoteIDP(name, idpId, "SAML");
};
var activateSocialIdp = function(name, idpId) {
chooseRemoteIDP(name, idpId, "SOCIAL");
};
Example of a Request Body When Initiating Authentication Using a Remote IdP
The following example shows the contents of the request body in FORM POST format when
initiating authentication using a social IdP to the
/sso/v1/sdk/secure/idp
endpoint:
requestState=value&idpName=value&idpType=SOCIAL&idpId=value&appName=name&clientID=value&authorization=accesstoken
Example of a Response Body When Initiating Authentication Using a Remote IdP
The following example shows the contents of the HTML response:
HTTP/1.1 302 See Other
Date: Tue, 30 Oct 2018 04:40:05 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Location: https://tenant-base-url/idp/sso
Set-cookie: ORA_OCIS_REQ_1=+fxgW2P7bgQayiki5P;Version=1;Path=/;Secure;HttpOnly
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-xss-protection: 1; mode=block
X-content-type-options: nosniff