openSource
Before You Begin
Introduction
This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for openSource using SAML.
About openSource
openSource is a Software-as-a-Service (SaaS) contract management solutions provider.
After integrating openSource with Oracle Identity Cloud Service:
- Users can access openSource using their Oracle Identity Cloud Service login credentials.
- Users can start openSource using the Oracle Identity Cloud Service My Apps console.
- Admins can assign and revoke user access to the openSource app using the Oracle Identity Cloud Service administration console.
What Do You Need?
- An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
- An openSource account with authorization rights to configure federated authentication.
- Make sure that the email ID of each user in openSource matches the primary email ID of the Oracle Identity Cloud Service account.
Configuring the openSource App in Oracle Identity Cloud Service
Use this section to register and activate the openSource app, and then assign users to the app.
Prerequisite Steps
A domain name is required before you can register and activate the openSource app. You obtain that domain name from openSource.
The openSource domain name appears in the openSource home URL: https://<Domain_Name>.opensourceinc.com
.
Send an email to openSource team with customized logo and SSO sign-in button name and request to configure SSO for your openSource login page.
Tip: Use this SSO sign-in button later to access openSource in the "Verifying Service Provider Initiated SSO from openSource" section.
Registering and Activating the openSource App
Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.
Click App Catalog.
Search for
openSource
, and then click Add.In the App Details section, enter your openSource Domain Name, and then click Next.
Note: This is the domain name that you obtained while performing the steps in the "Prerequisite Steps" section.
Click Download Identity Provider Metadata.
Tip: Use this file later during the openSource configuration in the "Configuring SSO for openSource" section.
Click Download Signing Certificate.
Tip: Use this file later during the openSource configuration in the "Configuring SSO for openSource" section.
Click Finish. Oracle Identity Cloud Service displays a confirmation message.
Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.
Assigning Users to the openSource App
On the openSource app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.
Select users that you want to assign to openSource, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the openSource app is assigned to the users that you selected.
Note: The user account should be created on both Oracle Identity Cloud Service and openSource for SSO.
Configuring and Enabling SSO for openSource
Access openSource as an administrator using the URL:
https://<Domain_Name>.opensourceinc.com
. The openSource home page appears.Click Admin.
Under Actions, click Settings, and then click Server Settings.
In the Server Settings section, use the table to update the federated authentication attributes, and then click Save.
This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration. Attribute Settings SAML Certificate Paste the certificate into the SAML Certificate box that you downloaded during openSource registration in Oracle Identity Cloud Service. See the "Registering and Activating the openSource App" section. SAML Entrypoint Enter the SAML Entrypoint URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso
.Note: After you have configured SSO, you need to enable SSO, and then click Save.
Under Actions, click Settings, and then click Password Settings.
Under SSO Enabled, select the Single Sign On check box.
Verifying the Integration
Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP Initiated SSO) or from openSource (SP Initiated SSO).
Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service
Access the Oracle Identity Cloud Service My Profile console using the URL:
https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole
.Log in using credentials for a user that is assigned to the openSource app. Oracle Identity Cloud Service displays a shortcut to openSource under My Apps.
Click openSource. The openSource home page appears.
Confirm that the user that is logged in is the same for both openSource and Oracle Identity Cloud Service.
This confirms that SSO that is initiated from Oracle Identity Cloud Service works.
Verifying Service Provider Initiated SSO from openSource
Access openSource using the URL:
https://<Domain_Name>.opensourceinc.com
, and then click your SSO sign-in button. You are redirected to the Oracle Identity Cloud Service login page.Tip: For your SSO sign-in button name, see the "Prerequisite Steps" section.
Log in using credentials for a user that is assigned to the openSource app. The openSource home page appears.
Confirm that the user that is logged in is the same for both openSource and Oracle Identity Cloud Service.
This confirms that SSO that is initiated from openSource works.
Troubleshooting
Use this section to locate solutions to common integration issues.
Known Issues
openSource displays the message, “error:"
Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in openSource.
Solution: Ensure that the user that you assign to the openSource app has an account in both Oracle Identity Cloud Service and openSource with the same email address.
Unknown Issues
For unknown issues, contact Oracle Support:
Go to https://support.oracle.com.
Select Cloud Support, and then sign in with your support credentials.
In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.
Select Oracle Identity Cloud Service as the service type.
Complete your service request.