Enter Metadata for a SAML Identity Provider

You can use Oracle Identity Cloud Service to enter metadata for a SAML 2.0 identity provider.

  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click Identity Providers.
  2. Click Add SAML IDP.
  3. Populate the Details pane of the Add Identity Provider wizard and click Next. See Import Metadata for a SAML Identity Provider.
  4. Use the following table to populate the Configure pane of the wizard, and click Next:
    Enter Identity Provider metadata manually
      Click this button because you want to configure SSO for the identity provider by entering its metadata.
    Issuer ID
      Enter the ID of the issuer that's used to register the signing certificate for the identity provider.
      If you upload new metadata for the identity provider, then the Issuer ID field is updated to reflect the new metadata.
    Signing Certificate
      To upload a signing certificate for the identity provider, click Upload, and then select the file that contains the signing certificate.
    Encryption Certificate
      To upload an encryption certificate for the identity provider, click Upload, and then select the file that contains the encryption certificate.
    SSO Service URL
      Enter the URL of the SSO authentication service for the identity provider. With this service, users can access multiple Oracle Cloud services without having to provide authentication credentials more than once.
    SSO Service Binding
      This menu contains two options for web-based SSO associated with the identity provider: Redirect and POST.
      • To send an authentication request with the HTTP-Redirect binding, select Redirect.
      • To transmit the response associated with the request using the HTTP-POST binding, select POST.
    Global Logout Activated
      To activate SAML global logouts between Oracle Identity Cloud Service and the identity provider, select this check box. Otherwise, leave the check box deselected.
      If you select the check box, then you must enter values for two URLs for the identity provider (logout request and logout response) and specify whether you want Oracle Identity Cloud Service to initiate a logout with an HTTP-Redirect or HTTP-POST binding.
    Logout Request URL
      Enter the URL of the service that receives and processes logout requests from the identity provider.
    Logout Response URL
      Enter the URL of the service that receives and processes logout responses from the identity provider.
    Logout Binding
      This menu contains two options to initiate a logout: Redirect and POST.
      • To initiate a logout with the HTTP-Redirect binding, select Redirect.
      • To initiate a logout using the HTTP-POST binding, select POST.
    Signature Hashing Algorithm
      Select the secure hash algorithm, SHA-1 or SHA-256, that is used with the signing certificate for the identity provider.
      See Import Metadata for a SAML Identity Provider.
    Include Signing Certificate
      To include a signing certificate with your identity provider, select this check box.
      If you don't want to include a signing certificate with your identity provider, then leave the check box deselected.

  5. Populate the Map pane of the Add Identity Provider wizard, and click Next. See Import Metadata for a SAML Identity Provider.
  6. Populate or reference the Export pane of the Add Identity Provider wizard, and click Next. See Import Metadata for a SAML Identity Provider.
  7. In the Test pane of the wizard, click Test Login to test the configuration settings for the identity provider.
  8. Click Next.
  9. In the Activate pane of the wizard, click Activate to activate the identity provider.
  10. Click Finish.
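As an added example that is not part of the Oracle documentation, the following Python script reads a SAML 2.0 identity provider metadata document and pulls out the values the Configure pane asks for (Issuer ID, the signing and encryption certificates, the SSO and logout URLs and their bindings), so what you type in manually matches what the identity provider actually publishes. The metadata sample, its host name and the certificate bodies are constructed placeholders; the field names are the wizard's.

```python
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = {  # SAML binding URNs mapped onto the two options the wizard's binding menus offer
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "Redirect",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "POST"}
# Constructed sample IdP metadata: the host name and certificate bodies are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>SIGNING-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>ENCRYPTION-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://idp.example.com/saml/slo" ResponseLocation="https://idp.example.com/saml/slo/response"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://idp.example.com/saml/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def _endpoint(idp, tag):
    """First endpoint of the given type whose binding the wizard supports, else None."""
    return next((ep for ep in idp.findall(f"md:{tag}", NS) if ep.get("Binding") in BINDINGS), None)

def extract_idp_fields(metadata_xml):
    """Return the Configure-pane values that the metadata supplies, keyed by wizard field name."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor element")
    fields = {"Issuer ID": root.get("entityID")}
    for kd in idp.findall("md:KeyDescriptor", NS):
        cert = kd.findtext(".//ds:X509Certificate", default="", namespaces=NS).strip()
        use = kd.get("use")  # an absent 'use' attribute means the key serves both purposes
        if use in (None, "signing"):
            fields.setdefault("Signing Certificate", cert)
        if use in (None, "encryption"):
            fields.setdefault("Encryption Certificate", cert)
    sso = _endpoint(idp, "SingleSignOnService")
    if sso is None:
        raise ValueError("no SingleSignOnService with an HTTP-Redirect or HTTP-POST binding")
    fields["SSO Service URL"] = sso.get("Location")
    fields["SSO Service Binding"] = BINDINGS[sso.get("Binding")]
    slo = _endpoint(idp, "SingleLogoutService")
    fields["Global Logout Activated"] = slo is not None  # select the check box only if the IdP offers SLO
    if slo is not None:
        fields["Logout Request URL"] = slo.get("Location")
        fields["Logout Response URL"] = slo.get("ResponseLocation", slo.get("Location"))  # ResponseLocation is optional
        fields["Logout Binding"] = BINDINGS[slo.get("Binding")]
    return fields
```

Run `extract_idp_fields(open("idp-metadata.xml").read())` against the file your identity provider exported and copy each value into the matching field of the Configure pane.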