Jump to

• Request
• Response
• Examples

Get Single Sign-On Properties

get

/rest/v16/ssoConfiguration

This endpoint is used to retrieve SSO properties.

Request

There are no request parameters for this operation.

Back to Top

Response

Supported Media Types

• application/json

Default Response

Single Sign-On Configuration properties.

Body ()

Root Schema : sso-getResponse

Type: object

Show Source

• idProviderCertificate: string
  Title: Identity Provider Certificate

  Identity Provider Certificate
• requestedNameIdentifierFormat: string
  Title: SAML Requested Name Identifier Format

  Each IDP supports different NameID formats, which can be found in the IDP configuration. If the field is left blank, the setting defaults to using the transient format.
• samlAttributeName: string
  Title: SAML User ID Attribute Name

  When the 'idLocationAttribute' option is selected, the Attribute Name field appears. Enter the value that contains the User ID.
• samlIdpUrl: string
  Title: SAML Identity Provider URL

  SAML Identity Provider URL
• samlIssuerUrl: string
  Title: SAML Issuer URL

  Oracle CPQ Issuer URL
• samlLogoutUrl: string
  Title: SAML Logout URL

  When an Oracle CPQ user is logged out (via a session timeout, or by the user manually logging out), the user will be redirected to the SAML Logout URL. If a SAML Logout URL is not defined, the user will land on the CPQ login screen after being logged out.
• samlNeedRequestSigned: string
  Title: Require Signed Request

  Require Signed Request, allowed values: 'true', 'false'. A signed request is a message sent from an applicant to a certificate authority to apply for a digital identity certificate. This helps establish a level of trust to ensure when CPQ makes a request to an IDP, the IDP can verify that it is actually CPQ, and not an attacker disguised as CPQ. When 'true' the Request Keystore StorePass and Request Keystore KeyPass SAML requests are provided to the IDP.
• samlRequestKeyStore: string
  Title: SAML Request Keystore

  SAML Request Keystore
• samlSingleLogoutEndpoint: string
  Title: SAML Single Logout Endpoint

  SAML Single Logout Endpoint
• samlSingleLogoutResponseEndpoint: string
  Title: SAML Single Logout Response Endpoint

  SAML Single Logout Response Endpoint
• samlUserIdLocation: string
  Title: SAML User ID Location

  The SAML user Id location specifies in which of two locations in the assertion a user will be identified. In the or in an , for the specified of the assertion. Allowed values: 'idLocationSubject' and 'idLocationAttribute'.
• samlUserIdType: string
  Title: SAML User ID Type

  The SAML user Id type specifies which of two identifiers an assertion contains when being sent to CPQ: The users CPQ username or an External ID from the User Object. Allowed values: 'assertionTypeUsername' and 'assertionTypeExternal'.
• ssoMethod: string
  Title: Single Sign-On Method

  Single Sign-On Method, allowed methods: None, Federated Authentication, Remote Webservices, and Federated and Remote.

{
    "type":"object",
    "properties":{
        "ssoMethod":{
            "type":"string",
            "description":"Single Sign-On Method, allowed methods: None, Federated Authentication, Remote Webservices, and Federated and Remote.",
            "title":"Single Sign-On Method"
        },
        "samlIssuerUrl":{
            "type":"string",
            "description":"Oracle CPQ Issuer URL",
            "title":"SAML Issuer URL"
        },
        "idProviderCertificate":{
            "type":"string",
            "description":"Identity Provider Certificate",
            "title":"Identity Provider Certificate"
        },
        "samlNeedRequestSigned":{
            "type":"string",
            "description":"Require Signed Request, allowed values: 'true', 'false'. A signed request is a message sent from an applicant to a certificate authority to apply for a digital identity certificate. This helps establish a level of trust to ensure when CPQ makes a request to an IDP, the IDP can verify that it is actually CPQ, and not an attacker disguised as CPQ. When 'true' the Request Keystore StorePass and Request Keystore KeyPass SAML requests are provided to the IDP.",
            "title":"Require Signed Request"
        },
        "samlRequestKeyStore":{
            "type":"string",
            "description":"SAML Request Keystore",
            "title":"SAML Request Keystore"
        },
        "requestedNameIdentifierFormat":{
            "type":"string",
            "description":"Each IDP supports different NameID formats, which can be found in the IDP configuration. If the field is left blank, the setting defaults to using the transient format.",
            "title":"SAML Requested Name Identifier Format"
        },
        "samlIdpUrl":{
            "type":"string",
            "description":"SAML Identity Provider URL",
            "title":"SAML Identity Provider URL"
        },
        "samlLogoutUrl":{
            "type":"string",
            "description":"When an Oracle CPQ user is logged out (via a session timeout, or by the user manually logging out), the user will be redirected to the SAML Logout URL. If a SAML Logout URL is not defined, the user will land on the CPQ login screen after being logged out.",
            "title":"SAML Logout URL"
        },
        "samlSingleLogoutEndpoint":{
            "type":"string",
            "description":"SAML Single Logout Endpoint",
            "title":"SAML Single Logout Endpoint"
        },
        "samlSingleLogoutResponseEndpoint":{
            "type":"string",
            "description":"SAML Single Logout Response Endpoint",
            "title":"SAML Single Logout Response Endpoint"
        },
        "samlUserIdType":{
            "type":"string",
            "description":"The SAML user Id type specifies which of two identifiers an assertion contains when being sent to CPQ: The users CPQ username or an External ID from the User Object. Allowed values: 'assertionTypeUsername' and 'assertionTypeExternal'.",
            "title":"SAML User ID Type"
        },
        "samlUserIdLocation":{
            "type":"string",
            "description":"The SAML user Id location specifies in which of two locations in the assertion a user will be identified. In the <Subject> or in an <AttributeValue>, for the specified <Attribute> of the assertion. Allowed values: 'idLocationSubject' and 'idLocationAttribute'.",
            "title":"SAML User ID Location"
        },
        "samlAttributeName":{
            "type":"string",
            "description":"When the 'idLocationAttribute' option is selected, the Attribute Name field appears. Enter the value that contains the User ID.",
            "title":"SAML User ID Attribute Name"
        }
    }
}

Back to Top

Examples

The following example shows how to retrieve an SSO configuration by submitting a GET request to the REST resource using cURL. For more information about cURL, see Use cURL.

curl - X GET - i - H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQg" - H "Content-type: application/json"
https://sitename.oracle.com/rest/v16/ssoConfiguration

Response Body Sample

{
  "ssoMethod": "Federated and Remote",
  "samlIssuerUrl": "BigMachines Issuer URL value",
  "idProviderCertificate": "base64encodecertvalue",
  "samlNeedRequestSigned": "true",
  "samlRequestKeyStore": "base64encodedcertvalue",
  "requestedNameIdentifierFormat": "identifier format value",
  "samlIdpUrl": "identity provided url value",
  "samlLogoutUrl": "logout url",
  "samlSingleLogoutEndpoint": "logout endpoint",
  "samlSingleLogoutResponseEndpoint": "logout response endpoint",
  "samlUserIdType": "assertionTypeUsername",
  "samlUserIdLocation": "idLocationAttribute",
  "samlAttributeName": "AttributeValue"
}

Back to Top