openSource

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for openSource using SAML.

About openSource

openSource is a Software-as-a-Service (SaaS) contract management solutions provider.

After integrating openSource with Oracle Identity Cloud Service:

  • Users can access openSource using their Oracle Identity Cloud Service login credentials.
  • Users can start openSource using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the openSource app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • An openSource account with authorization rights to configure federated authentication.
  • Make sure that the email ID of each user in openSource matches the primary email ID of the Oracle Identity Cloud Service account.

Configuring the openSource App in Oracle Identity Cloud Service

Use this section to register and activate the openSource app, and then assign users to the app.

Prerequisite Steps

A domain name is required before you can register and activate the openSource app. You obtain that domain name from openSource.

The openSource domain name appears in the openSource home URL: https://<Domain_Name>.opensourceinc.com.

Send an email to the openSource team with your customized logo and SSO sign-in button name, and request that they configure SSO for your openSource login page.

Tip: Use this SSO sign-in button later to access openSource in the "Verifying Service Provider Initiated SSO from openSource" section.

Registering and Activating the openSource App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for openSource, and then click Add.

  4. In the App Details section, enter your openSource Domain Name, and then click Next.

    Note: This is the domain name that you obtained while performing the steps in the "Prerequisite Steps" section.

  5. Click Download Identity Provider Metadata.

    Tip: Use this file later during the openSource configuration in the "Configuring SSO for openSource" section.

  6. Click Download Signing Certificate.

    Tip: Use this file later during the openSource configuration in the "Configuring SSO for openSource" section.

  7. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  8. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the openSource App

  1. On the openSource app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.

  2. Select users that you want to assign to openSource, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the openSource app is assigned to the users that you selected.

    Note: The user account should be created on both Oracle Identity Cloud Service and openSource for SSO.

Configuring and Enabling SSO for openSource

  1. Access openSource as an administrator using the URL: https://<Domain_Name>.opensourceinc.com. The openSource home page appears.

  2. Click Admin.

  3. Under Actions, click Settings, and then click Server Settings.

  4. In the Server Settings section, use the table to update the federated authentication attributes, and then click Save.

    This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration.

    Attribute          Settings
    SAML Certificate   In the SAML Certificate box, paste the certificate that you downloaded during openSource registration in Oracle Identity Cloud Service. See the "Registering and Activating the openSource App" section.
    SAML Entrypoint    Enter the SAML Entrypoint URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso.

    Note: After you have configured SSO, you need to enable SSO, and then click Save.

  5. Under Actions, click Settings, and then click Password Settings.

  6. Under SSO Enabled, select the Single Sign On check box.
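
A pre-flight check for the two values entered in step 4, as an added example that is not part of the Oracle documentation: it confirms that the signing certificate and SAML Entrypoint you are about to paste agree with the downloaded Identity Provider metadata, and prints a SHA-256 fingerprint you can record. The function names, the host idcs-example, the entityID and the placeholder certificate bytes are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample input (not a real certificate, host or metadata file).
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_HOST = "https://idcs-example.identity.oraclecloud.com"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{SAMPLE_HOST}/fed">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{SAMPLE_HOST}/fed/v1/idp/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def pem_to_der(text):
    """Strip PEM armor and whitespace, then decode the base64 body to DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", text or "")
    return base64.b64decode(body, validate=True)

def check_idp_settings(metadata_xml, signing_cert_pem, entrypoint):
    """Compare the values destined for openSource with the IdP metadata."""
    # The metadata is a file you downloaded from your own IdP console;
    # use a hardened parser such as defusedxml for XML from other sources.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso_urls = {s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    signing = [pem_to_der(c.text)
               for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")   # no "use" means both uses
               for c in kd.iterfind(".//ds:X509Certificate", NS)]
    der = pem_to_der(signing_cert_pem)
    return {
        "entrypoint_in_metadata": entrypoint in sso_urls,
        "entrypoint_is_https": entrypoint.startswith("https://"),
        "cert_in_metadata": der in signing,
        "sha256": hashlib.sha256(der).hexdigest(),
    }

if __name__ == "__main__":
    result = check_idp_settings(SAMPLE_METADATA, SAMPLE_PEM, SAMPLE_HOST + "/fed/v1/idp/sso")
    print(result)
```

Run it against your real downloaded metadata and certificate files before saving the Server Settings; a False in any field means the pasted value does not match what Oracle Identity Cloud Service published.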

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP Initiated SSO) or from openSource (SP Initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the openSource app. Oracle Identity Cloud Service displays a shortcut to openSource under My Apps.

  3. Click openSource. The openSource home page appears.

  4. Confirm that the user that is logged in is the same for both openSource and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from openSource

  1. Access openSource using the URL: https://<Domain_Name>.opensourceinc.com, and then click your SSO sign-in button. You are redirected to the Oracle Identity Cloud Service login page.

    Tip: For your SSO sign-in button name, see the "Prerequisite Steps" section.

  2. Log in using credentials for a user that is assigned to the openSource app. The openSource home page appears.

  3. Confirm that the user that is logged in is the same for both openSource and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from openSource works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

openSource displays the message, "error:"

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in openSource.

Solution: Ensure that the user that you assign to the openSource app has an account in both Oracle Identity Cloud Service and openSource with the same email address.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator." or "There is a problem with your account. Please contact Support."

Cause: The SAML 2.0 integration between the Oracle Identity Cloud Service openSource app and openSource is deactivated.

Solution:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select openSource.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause: The administrator revokes access for the user at the same time that the user tries to access the openSource app using Oracle Identity Cloud Service.

Solution:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select openSource.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.