Access SAML Metadata

When setting up SSO with a SAML Identity Provider or a SAML Application, you need to provide your Oracle Identity Cloud Service domain's SAML configuration details to the partner provider. This information is typically contained in an XML document called SAML metadata.

Oracle Identity Cloud Service offers two ways to download SAML metadata: a button in the Identity Cloud Service console, or directly accessing an endpoint URL. In most scenarios, the simplest method is to click the button in the Identity Cloud Service console. However, if you need options not supported by the Identity Cloud Service console, such as the adfsmode="true" query parameter, you need to directly access the metadata endpoint URL.


Method One

Download the metadata from the Identity Cloud Service console.

This is the simplest way to obtain the SAML metadata for your Oracle Identity Cloud Service domain.

Use this method whenever possible.

For a SAML Application, click the Download Identity Provider Metadata button for the partner SAML Application.

For a SAML Identity Provider, click the download button for Service Provider Metadata.

Method Two

Make the metadata URL publicly accessible.

Use this method, for example, if the administrator of your partner Identity Provider or SAML Application is not an Oracle Identity Cloud Service identity domain administrator. You can also use this method if your partner Identity Provider or SAML Application can retrieve your Oracle Identity Cloud Service domain's metadata automatically from a configured URL.

Turn on the Access Signing Certificate option under Default Settings in the Identity Cloud Service console.

Once you turn the option on, https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata will be accessible in the browser without authentication.

See Change Default Settings.

Method Three

Generate an OAuth access token and use an authenticated GET request to the /fed/v1/metadata endpoint, using cURL or another REST client.

If the identity domain administrator doesn't want to make the metadata URL publicly accessible, they can still retrieve the metadata by passing a valid Oracle Identity Cloud Service access_token in the HTTP Authorization header, using a tool such as cURL or Postman.

See Generate Access Token and Other OAuth Runtime Tokens for more information regarding how to get and use an access token.

See Using the Postman Collection and Using cURL for more information regarding how to invoke Oracle Identity Cloud Service REST APIs.

Method Four

Download the SAML metadata for Active Directory Federation Services (ADFS) using a URL.

  1. Make the metadata URL publicly accessible using Method Two above.
  2. Navigate to the metadata URL https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata?adfsmode=true using your browser, replacing <IDCS-Service-Instance> with your Identity Cloud Service tenant ID.
  3. Save the file locally on your computer. Do not copy from the browser window and paste the contents into a file.
  4. Optionally, turn the Access Signing Certificate option back off so that the metadata URL is no longer publicly accessible.

No references.
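As an added example (not Oracle's own code), the Python below builds the authenticated Method Three request, assuming the access token is sent as a standard OAuth Bearer header, and then does what a practitioner wants before handing metadata to a partner: parses the downloaded document, extracts the entityID, roles and signing-certificate fingerprints to confirm with the partner administrator out of band, and checks that a saved copy is still well-formed XML (the reason Method Four says not to copy-paste from the browser). The tenant name, sample metadata and certificate body are constructed placeholders.

```python
import base64
import hashlib
import urllib.request
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def metadata_url(tenant_id, adfsmode=False):  # adfsmode=True appends the ADFS parameter (Method Four)
    url = f"https://{tenant_id}.identity.oraclecloud.com/fed/v1/metadata"
    return url + "?adfsmode=true" if adfsmode else url

def fetch_metadata(tenant_id, access_token, adfsmode=False):
    """Method Three: authenticated GET, token as OAuth Bearer (network call; not run by offline checks)."""
    headers = {"Authorization": f"Bearer {access_token}"}
    req = urllib.request.Request(metadata_url(tenant_id, adfsmode), headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()

def cert_fingerprint(b64_cert):  # SHA-256 over the DER bytes carried as base64 in ds:X509Certificate
    return hashlib.sha256(base64.b64decode(b64_cert)).hexdigest()

def is_well_formed(xml_bytes):  # a document pasted out of a browser window frequently fails this
    try:
        ET.fromstring(xml_bytes)
        return True
    except ET.ParseError:
        return False

def summarize_metadata(xml_bytes):
    """Extract what the partner admin should cross-check out of band: entityID, roles, signing-cert fingerprints."""
    root = ET.fromstring(xml_bytes)  # raises ParseError on a truncated or mangled document
    summary = {"entityID": root.get("entityID"), "roles": [], "signing_certs": []}
    for role in ("IDPSSODescriptor", "SPSSODescriptor"):
        for desc in root.findall(f"md:{role}", NS):
            summary["roles"].append(role)
            for kd in desc.findall("md:KeyDescriptor", NS):
                if kd.get("use") == "encryption":  # no 'use' attribute means signing and encryption
                    continue
                cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
                if cert is not None and cert.text:
                    summary["signing_certs"].append(cert_fingerprint(cert.text))
    return summary

# Constructed sample, not real IDCS output; the certificate body is placeholder base64, not a real cert.
SAMPLE_CERT_B64 = base64.b64encode(b"placeholder-not-a-real-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://example-tenant.identity.oraclecloud.com/fed">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""".encode()
```

Run `summarize_metadata(open("metadata.xml", "rb").read())` on a file saved via Method One or Four and compare the printed fingerprints with what the partner sees on their side.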