Oracle Social Cloud Service

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) using SAML and provisioning for Oracle Social Cloud Service.

About Oracle Social Cloud Service

Oracle Social Cloud Service is a product that helps you manage and scale your relationship with customers on social media channels. Oracle has integrated the four best-in-class social relationship management components - social listening, social analytics, social engagement and social publishing - into one unified interface to give you the most complete social relationship management solution on the market.

What Do You Need?

  • SRM application with minimum supported version 7.11.2
  • Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • Oracle Social Cloud Service account with administrative rights to configure federated authentication and Oracle Social Cloud Service.
  • Oracle Social Cloud Service site URL: https://cas.vitrue.com
  • Identity Provider metadata. To access the IdP metadata, use the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata
  • Host name of the Oracle Social Cloud Service instance.

Configuring SSO for Oracle Social Cloud Service

Use this section to configure an Identity Provider for Oracle Social Cloud Service.

Obtaining the IdP Details

Use this section to obtain the IdP details such as the Entity ID, the Identity Provider Base URL, the SSO Target URL, the Logout URL, and the X.509 Certificate.

  1. Open the IdP metadata file that you previously downloaded. See the "What Do You Need" section.

  2. In the IdP metadata file, for the X.509 Certificate, copy the value between <dsig:X509Certificate> and </dsig:X509Certificate> to a text file.

  3. Add -----BEGIN CERTIFICATE----- to the beginning of the file.

  4. Add -----END CERTIFICATE----- to the end of the file.

  5. In the IdP metadata file, make note of the following information. You need this information in the “Configuring an Identity Provider in Oracle Social Cloud Service” section.

    • Entity ID URL. This URL is the value of the entityID attribute found in the <md:EntityDescriptor> tag.

    Example: https://MYDEMOTENANT1.idcs.internal.oracle.com:8943/fed

    • Identity Provider Base URL. To create this URL using the above Entity ID URL as an example, remove the /fed from the end of the URL.

    Example: https://MYDEMOTENANT1.idcs.internal.oracle.com:8943

    • SSO Target URL. This URL is the value of the location attribute found in the <md:SingleSignOnService> tag.

    Example: https://mydemotenant1.idcs.internal.oracle.com:8943/fed/v1/idp/sso

    • Logout URL. This URL is the value of the location attribute found in the <md:SingleLogoutService> tag.

    Example: https://mydemotenant1.idcs.internal.oracle.com:8943/fed/v1/idp/slo
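
Steps 2 through 5 can also be scripted, which avoids copy-and-paste errors in the certificate. The following is an added example, not Oracle-supplied code; the function names and the sample metadata are constructed for illustration, and it assumes the signing key is the KeyDescriptor marked use="signing". It also returns a SHA-256 fingerprint of the certificate so that the value pasted into Oracle Social Cloud Service can be compared with the IdP out of band.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}

def https_attr(node, attr):
    url = node.get(attr, "") if node is not None else ""
    if not url.startswith("https://"):
        raise ValueError(f"{attr} missing or not HTTPS")
    return url

def idp_details(metadata_xml):
    """Collect the values from steps 2-5 of 'Obtaining the IdP Details'."""
    if "<!DOCTYPE" in metadata_xml:  # SAML metadata never needs a DTD
        raise ValueError("unexpected DTD in metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    entity_id = https_attr(root, "entityID")
    if idp is None or not entity_id.endswith("/fed"):
        raise ValueError("not IdP metadata with a .../fed entityID")
    # Assumption: the signing key is the KeyDescriptor marked use="signing".
    node = idp.find("md:KeyDescriptor[@use='signing']/dsig:KeyInfo"
                    "/dsig:X509Data/dsig:X509Certificate", NS)
    b64 = "".join((node.text or "").split()) if node is not None else ""
    der = base64.b64decode(b64, validate=True)  # rejects stray characters
    if not der:
        raise ValueError("no signing certificate found")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return {
        "entity_id": entity_id,
        "base_url": entity_id[:-len("/fed")],
        "sso_url": https_attr(idp.find("md:SingleSignOnService", NS), "Location"),
        "slo_url": https_attr(idp.find("md:SingleLogoutService", NS), "Location"),
        "pem": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n",
        "sha256": hashlib.sha256(der).hexdigest(),  # compare out of band
    }

# Constructed sample; placeholder bytes stand in for a real DER certificate.
CERT = base64.b64encode(bytes(range(96))).decode()
HOST = "https://mydemotenant1.idcs.internal.oracle.com:8943"
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:dsig="{NS['dsig']}"
 entityID="https://MYDEMOTENANT1.idcs.internal.oracle.com:8943/fed"><md:IDPSSODescriptor>
<md:KeyDescriptor use="signing"><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
{CERT[:64]}
{CERT[64:]}</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>
<md:SingleLogoutService Location="{HOST}/fed/v1/idp/slo"/>
<md:SingleSignOnService Location="{HOST}/fed/v1/idp/sso"/></md:IDPSSODescriptor></md:EntityDescriptor>"""
```

Calling idp_details(SAMPLE) returns the six values as a dictionary; a metadata file with a plain http:// endpoint or a DTD is rejected with ValueError instead of being silently accepted.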

Configuring an Identity Provider in Oracle Social Cloud Service

  1. Log in as an administrator to: https://cas.vitrue.com

  2. Click the ACCOUNT tab. The MY ACCOUNT page appears.

  3. Click SAML SETTINGS. The EDIT SAML SETTINGS page appears.

  4. In the EDIT SAML SETTINGS page:

    • Select the SAML 2.0 Enabled check box.

    • Enter a name for the SAML service in the Name field.

      Note: The name that you enter here is a unique identifier for the IdP and is used during the login process. The name that you enter is also used to reference the Identity Provider (IdP) instance (in this case, the Oracle Identity Cloud Service instance) that is used for user authentication.

    • The Consumer URL is a mandatory field. However, during the initial setup this field is auto-populated.

    • Ensure that the Enable Logout Support check box is enabled. This step ensures that the Single Logout URL box is auto-populated.

    • Enter the Oracle Social Cloud Service site URL. The Entity ID attribute is used as the Oracle Social Cloud Service site URL. See the “What Do You Need” section.

    • Enter the Identity Provider Base URL. See the “Obtaining the IdP Details” section.

    • Paste the X.509 Certificate file contents in the box. See the “Obtaining the IdP Details” section.

    • Enter the Entity ID. See the “Obtaining the IdP Details” section.

    • Enter the SSO Target URL. See the “Obtaining the IdP Details” section.

    • Enter the Logout URL. See the “Obtaining the IdP Details” section.

    • Enable the Request Compression check box.

    • Enable the Response Compression check box.

    • Select SHA256 from the Digest Method drop-down list.

    • Select RSA-SHA256 from the Signature Method drop-down list.

  5. Click SAVE CHANGES.

Configuring the Oracle Social Cloud Service Application in Oracle Identity Cloud Service

Use this section to register and activate the Oracle Social Cloud Service app and to enable provisioning. You can then assign users or groups to the Oracle Social Cloud Service and start the user provisioning process.

Note: The Synchronization feature is currently not supported.

Prerequisite Steps

To enable provisioning, the client credentials (client ID and client secret) and API access permissions are required to authenticate with Oracle Social Cloud Service REST APIs. You obtain these attributes while creating an integration user using the Oracle Social Cloud Service admin console. For details, see the "Register Your Client Application" section in the REST API for Oracle Social Relationship Management Cloud Service document.

Registering and Activating the Oracle Social Cloud Service Application

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Oracle Social Cloud Service, and then click Add.

  4. In the App Details section:

    • Enter the Name and Description.

    • Enter the Site URL. See the “What Do You Need?” section.

    • Click SSO Configuration.

    • Enter the Entity ID. See the “Obtaining the IdP Details” section.

    • Click Next to enable provisioning for Oracle Social Cloud Service. See the "Enabling Provisioning for the Oracle Social Cloud Service Application" section.

  5. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  6. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Enabling Provisioning for the Oracle Social Cloud Service Application

Use this section to enable provisioning for managing user accounts in Oracle Social Cloud Service through Oracle Identity Cloud Service.

Enabling Provisioning

  1. On the Provisioning page, select Enable Provisioning.

  2. Use the following parameters to configure connectivity between Oracle Social Cloud Service and Oracle Identity Cloud Service. These are the parameters that Oracle Identity Cloud Service requires to connect to Oracle Social Cloud Service.

    • Host Name: Enter the host name of the server that hosts Oracle Social Cloud Service in the srma-api.<hostname> format. For example, if the hostname is acme.oraclecorp.com, prefix it with srma-api to obtain the complete hostname value, such as srma-api.acme.oraclecorp.com.

    • Authentication Server URL: Enter the Oracle Social Cloud Service OAuth Server's /authorize URL in the https://gatekeeper.<hostname>/oauth/token format. For example, if the hostname is acme.oraclecorp.com, then the authentication server URL value is https://gatekeeper.acme.oraclecorp.com/oauth/token

    • Client ID: Enter the client ID value that you obtained in the “Prerequisite Steps” section.

    • Client Secret: Enter the client secret value that you obtained in the “Prerequisite Steps” section.

  3. Click Test Connectivity to verify the connection with Oracle Social Cloud Service. Oracle Identity Cloud Service displays a confirmation message.

  4. To view predefined attribute mappings between the user account fields defined in Oracle Social Cloud Service and the corresponding fields defined in Oracle Identity Cloud Service, click Attribute Mapping, and then click OK.

  5. Specify the provisioning operations that you want to enable for Oracle Social Cloud Service:

    Note: By default, the Create Account and Delete Account check boxes are selected.

    • Create Account: Automatically creates an account in Oracle Social Cloud Service when Oracle Social Cloud Service access is granted to the corresponding user in Oracle Identity Cloud Service.

    • Delete Account: Automatically deletes an account from Oracle Social Cloud Service when Oracle Social Cloud Service access is revoked from the corresponding user in Oracle Identity Cloud Service.

You can also manage Oracle Social Cloud Service accounts through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see the Managing Oracle Identity Cloud Service Users and Managing Oracle Identity Cloud Service Groups sections in Administering Oracle Identity Cloud Service.

Verifying the Integration

Use this section to verify that SSO and single log-out (SLO) work when initiated from Oracle Identity Cloud Service (IdP Initiated SSO and IdP Initiated SLO) and when initiated from Oracle Social Cloud Service (SP Initiated SSO and SP Initiated SLO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole/.

  2. Log in using credentials for a user that is assigned to the Oracle Social Cloud Service app. Oracle Identity Cloud Service displays a shortcut to the Oracle Social Cloud Service app under My Apps.

  3. Click Oracle Social Cloud Service. The Oracle Social Cloud Service home page appears.

  4. Confirm that the user that is logged in is the same for both Oracle Social Cloud Service and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from Oracle Social Cloud Service

  1. Access the Oracle Social Cloud Service using the URL: http://cas.vitrue.com

  2. Click Log in with Oracle Cloud Account?. The User Defined Name for SAML Service page appears.

  3. Provide your User Defined Name. The Oracle Identity Cloud Service login page appears. For information about User Defined Name, see the “Configuring an Identity Provider in Oracle Social Cloud Service” section.

  4. Log in using credentials for a user that is assigned to the Oracle Social Cloud Service app, and then click Sign In. The Social Cloud Service home page appears.

  5. Confirm that the user that is logged in is the same for both Oracle Social Cloud Service app and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Social Cloud Service works.

    Note

    • In the User Defined Name for the SAML Service page, the Oracle Social Cloud Service app provides the Remember my choice check box. This option helps to streamline the use of the Service Provider initiated SSO.
    • When the Remember my choice check box is enabled, the User Defined Name gets saved. During your subsequent login process, if the Log in with Oracle Cloud account option is enabled, the Oracle Identity Cloud Service login page appears. After a User Defined Name gets saved, a Clear option appears. Click Clear to enter a new value for the User Defined Name attribute.

Verifying Identity Provider Initiated SLO

  1. On the Oracle Identity Cloud Service home page, click the user name in the upper-right corner, and then select Sign Out from the drop-down list.

  2. On the Oracle Social Cloud Service home page, perform any operation. The Oracle Identity Cloud Service Login page appears.

    This confirms that SLO works and that the user is no longer logged in to Oracle Social Cloud Service and Oracle Identity Cloud Service.

Verifying Service Provider Initiated SLO

  1. On the Oracle Social Cloud Service home page, click Log Out.

  2. Access the Oracle Identity Cloud Service My Profile console, and then confirm that the login page appears.

    This confirms that SLO works and that the user is no longer logged in to Oracle Social Cloud Service and Oracle Identity Cloud Service.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The administrator revokes access for the user at the same time that the user tries to access the Oracle Social Cloud Service App using Oracle Identity Cloud Service.

Solution 1: Access the Oracle Identity Cloud Service administration console, select Applications, Oracle Social Cloud Service, Users, and then click Assign to re-assign the user.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then Oracle Social Cloud Service.

  • Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.