Initiate Authentication Using a Remote IdP

post

/sso/v1/sdk/secure/idp

Request

Supported Media Types
Body ()
Root Schema : schema
Type: object
  • Authorization Bearer Token that was generated / used for previous authentication call to the /authenticate endpoint
  • ClientId of the trusted application that initiates the authentication. If the trusted application that initiates the authentication and the custom UI application are the same, then this should be the clientId of the custom UI application
  • Id of the selected Identity Provider
  • Name of the selected Identity Provider
  • Type of the selected Identity Provider
  • RequestState that was obtained in the previous authentication call to the /authenticate endpoint

Response

303 Response

Redirect to the social identity provider or display an error message.

Examples

The following examples show how to initiate authentication using a remote Identity Provider (IdP). The user selects the external SAML/SOCIAL IdP that they want to use to authenticate from the custom sign-in page that appears. The custom sign-in page must construct and then submit the required information for the selected IdP as an HTML FORM POST to the /sso/v1/sdk/secure/idp endpoint. For this step, the following attributes must be included:
  • requestState: request state
  • idpName: name of the IdP
  • idpType: type of IdP (in this example, it is SOCIAL)
  • idpId: id of the IdP
  • appName: name of the app that the client wants access to
  • clientID: client ID of the application the browser is attempting to access
  • authorization: parameter required for secure IdP

You must first start the authentication flow before selecting a social/SAML identity provider. The requestState, idpName, idpType, and idpId attributes are part of the authentication flow response. See Authenticating with a Social Identity Provider and Authenticating with an External SAML Identity Provider.

Example HTML Form POST Code

The following JavaScript example shows how to select the social IdP:
// Append one form field, skipping values that are null or undefined.
var addParamValues = function(myform, value, paramName) {
    if (value !== null && typeof value !== 'undefined') {
        var param = document.createElement("input");
        param.value = value;
        param.name = paramName;
        myform.appendChild(param);
    }
};

// Build the form for the selected IdP and POST it to the secure IdP endpoint.
// GlobalConfig (base URL and requestState) and authorization (the bearer token
// from the earlier /authenticate call) must already be defined by the page.
var chooseRemoteIDP = function(name, idpId, type) {
    var myform = document.createElement("form");
    myform.action = GlobalConfig.idcsBaseURL + "/sso/v1/sdk/secure/idp";
    myform.method = "post";
    <%
        Credentials creds = CredentialsList.getCredentials().get(attr);
        String clientId = creds.getId();
    %>
    var clientId = '<%=clientId%>';
    addParamValues(myform, name, "idpName");
    addParamValues(myform, type, "idpType");
    addParamValues(myform, idpId, "idpId");
    addParamValues(myform, clientId, "clientId");
    addParamValues(myform, authorization, "accesstoken");
    addParamValues(myform, GlobalConfig.requestState, "requestState");
    document.body.appendChild(myform);
    myform.submit();
};

// Select an external SAML IdP.
var activateIdp = function(name, idpId) {
    chooseRemoteIDP(name, idpId, "SAML");
};

// Select a social IdP.
var activateSocialIdp = function(name, idpId) {
    chooseRemoteIDP(name, idpId, "SOCIAL");
};

Example of a Request Body When Initiating Authentication Using a Remote IdP

The following example shows the contents of the request body in FORM POST format when initiating authentication using a social IdP to the /sso/v1/sdk/secure/idp endpoint:

requestState=value&idpName=value&idpType=SOCIAL&idpId=value&appName=name&clientID=value&authorization=accesstoken
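The request body above can also be assembled and validated in code before it is submitted. The following is an added example, not Oracle's code: the helper names idpEndpoint and buildIdpPostBody are hypothetical, the sample values are constructed, the field names come from the attribute list on this page, and the allow-list holds the two IdP types used in the sample above. It percent-encodes each value, so an opaque requestState containing +, / or = is not altered in transit.

```javascript
// Field names as listed in the attribute list on this page, in request-body order.
const REQUIRED_FIELDS = ["requestState", "idpName", "idpType", "idpId",
                         "appName", "clientID", "authorization"];
// The two IdP types used in the page's sample code.
const ALLOWED_IDP_TYPES = new Set(["SAML", "SOCIAL"]);

// Hypothetical helper: resolve the endpoint against the tenant base URL and
// refuse anything that is not https, since the body carries a bearer token.
function idpEndpoint(baseURL) {
    const base = new URL(baseURL);
    if (base.protocol !== "https:") {
        throw new Error("base URL must use https");
    }
    return new URL("/sso/v1/sdk/secure/idp", base).href;
}

// Hypothetical helper: check that every required field is a non-empty string,
// check idpType against the allow-list, and return the form-encoded body.
function buildIdpPostBody(fields) {
    const body = new URLSearchParams();
    for (const name of REQUIRED_FIELDS) {
        const value = fields[name];
        if (typeof value !== "string" || value.length === 0) {
            throw new Error("missing or non-string field: " + name);
        }
        body.append(name, value); // percent-encoded when serialized
    }
    if (!ALLOWED_IDP_TYPES.has(fields.idpType)) {
        throw new Error("unsupported idpType: " + fields.idpType);
    }
    return body.toString();
}

// Constructed sample values; none of these come from a real tenant.
const sample = {
    requestState: "abc+def/ghi=",
    idpName: "ExampleSocial",
    idpType: "SOCIAL",
    idpId: "idp-123",
    appName: "ExampleApp",
    clientID: "client-456",
    authorization: "constructed-token"
};
```
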

Example of a Response Body When Initiating Authentication Using a Remote IdP

The following example shows the contents of the HTTP response:

HTTP/1.1 302 See Other
Date: Tue, 30 Oct 2018 04:40:05 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Location: https://tenant-base-url/idp/sso
Set-cookie: ORA_OCIS_REQ_1=+fxgW2P7bgQayiki5P;Version=1;Path=/;Secure;HttpOnly
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-xss-protection: 1; mode=block
X-content-type-options: nosniff