Configure Single Sign-On

POST

/rest/v19/ssoConfiguration

This endpoint configures Security Assertion Markup Language (SAML) properties so that authentication and authorization data can be exchanged between an identity provider (IdP) and a service provider, allowing for a Single Sign-On (SSO) experience.

Request

Supported Media Types
Body ()
Root Schema : sso-configRequest
Type: object
  • Title: Identity Provider Certificate
    Identity Provider Certificate
  • Title: SAML Requested Name Identifier Format
    Each IDP supports different NameID formats, which can be found in the IDP configuration. FullAccess users can customize this field. If the field is left blank, the setting defaults to using the transient format.
  • Title: SAML User ID Attribute Name
    When the 'idLocationAttribute' option is selected, the Attribute Name field appears. Enter the value that contains the User ID.
  • Title: SAML Identity Provider URL
    SAML Identity Provider URL
  • Title: SAML Issuer URL
    Oracle CPQ Issuer URL
  • Title: Request Keystore KeyPass
    Specifies a filename and location for the keystore file.
  • Title: SAML Logout URL
    When an Oracle CPQ user is logged out (via a session timeout, or by the user manually logging out), the user will be redirected to the SAML Logout URL. If a SAML Logout URL is not defined, the user will land on the CPQ login screen after being logged out.
  • Title: Require Signed Request
    Require Signed Request, allowed values: 'true', 'false'. A signed request is a message sent from an applicant to a certificate authority to apply for a digital identity certificate. This helps establish a level of trust to ensure that when CPQ makes a request to an IDP, the IDP can verify that it is actually CPQ, and not an attacker disguised as CPQ. When 'true', the Request Keystore StorePass and Request Keystore KeyPass SAML requests are provided to the IDP.
  • Title: SAML Request Keystore
    SAML request keystore file
  • Title: SAML Single Logout Endpoint
    Adding a valid SAML Single Logout Endpoint essentially creates a global logout scenario. When a user is logged out of CPQ, they will also be logged out of the partner system. Defining a valid SAML Single Logout Endpoint is a best practice of SSO integrations.
  • Title: SAML Single Logout Response Endpoint
    SAML Single Logout Response Endpoint
  • Title: Request Keystore StorePass
    The password that is used to protect the keystore file.
  • Title: SAML User ID Location
    The SAML user Id location specifies in which of two locations in the assertion a user will be identified. In the or in an , for the specified of the assertion. Allowed values: 'idLocationSubject' and 'idLocationAttribute'.
  • Title: SAML User ID Type
    The SAML user ID type specifies which of two identifiers an assertion contains when being sent to CPQ: the user's CPQ username or an External ID from the User Object. Allowed values: 'assertionTypeUsername' and 'assertionTypeExternal'.
  • Title: Single Sign-On Method
    Single Sign-On Method, allowed methods: None, Federated Authentication, Remote Webservices, and Federated and Remote.

Response

Supported Media Types

Default Response

Body ()
Root Schema : sso-configResponse
Type: object

Examples

The following example shows how to configure SSO by submitting a POST request to the REST resource using cURL. For more information about cURL, see Use cURL.

curl -X POST -H "Authorization: Bearer <token>" -H "Content-type: application/json" \
  https://sitename.oracle.com/rest/v19/ssoConfiguration

Request Body Sample

{
  "ssoMethod": "Federated and Remote",
  "samlIssuerUrl": "BigMachines Issuer URL value",
  "idProviderCertificate": "base64encodecertvalue",
  "samlNeedRequestSigned": "true",
  "samlRequestKeyStore": "base64encodedcertvalue",
  "samlStorePass": "storePassValue",
  "samlKeyPass": "keyPassValue",
  "requestedNameIdentifierFormat": "identifier format value",
  "samlIdpUrl": "identity provided url value",
  "samlLogoutUrl": "logout url",
  "samlSingleLogoutEndpoint": "logout endpoint",
  "samlSingleLogoutResponseEndpoint": "logout response endpoint",
  "samlUserIdType": "assertionTypeUsername",
  "samlUserIdLocation": "idLocationAttribute",
  "samlAttributeName": "AttributeValue"
}
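
The following check is an added example, not part of the Oracle documentation or product: it reviews a request body against the allowed values and field dependencies described in the schema above before the body is submitted. The JSON key names are taken from the Request Body Sample; requiring https for the endpoint URLs and treating the keystore fields as mandatory when requests are signed are assumptions of this example.

```python
ALLOWED = {  # allowed values as listed in the request schema above
    "ssoMethod": {"None", "Federated Authentication", "Remote Webservices",
                  "Federated and Remote"},
    "samlNeedRequestSigned": {"true", "false"},
    "samlUserIdType": {"assertionTypeUsername", "assertionTypeExternal"},
    "samlUserIdLocation": {"idLocationSubject", "idLocationAttribute"},
}
URL_FIELDS = ("samlIdpUrl", "samlLogoutUrl", "samlSingleLogoutEndpoint",
              "samlSingleLogoutResponseEndpoint")

def review_sso_config(body):
    """Return a list of findings for a request body given as a dict."""
    findings = []
    for field, allowed in ALLOWED.items():
        if body.get(field) not in allowed:
            findings.append(f"{field}: {body.get(field)!r} is not an allowed value")
    # The attribute name is only read when the user ID comes from an attribute.
    if body.get("samlUserIdLocation") == "idLocationAttribute" \
            and not body.get("samlAttributeName"):
        findings.append("samlAttributeName: needed with idLocationAttribute")
    if body.get("samlNeedRequestSigned") == "true":
        # Assumption: signing needs the keystore and both of its passwords.
        for field in ("samlRequestKeyStore", "samlStorePass", "samlKeyPass"):
            if not body.get(field):
                findings.append(f"{field}: needed when requests are signed")
    else:
        findings.append("samlNeedRequestSigned: IdP cannot verify the request is from CPQ")
    if not body.get("idProviderCertificate"):
        findings.append("idProviderCertificate: missing")
    if not body.get("samlSingleLogoutEndpoint"):
        findings.append("samlSingleLogoutEndpoint: unset, logout stays local to CPQ")
    if not body.get("requestedNameIdentifierFormat"):
        findings.append("requestedNameIdentifierFormat: blank, defaults to transient")
    for field in URL_FIELDS:  # assumption of this example: endpoints use https
        if body.get(field) and not body[field].startswith("https://"):
            findings.append(f"{field}: not an https URL")
    return findings

# Constructed sample: unsigned requests, attribute lookup without a name.
SAMPLE = {
    "ssoMethod": "Federated Authentication",
    "idProviderCertificate": "PLACEHOLDER_BASE64_CERT",
    "samlNeedRequestSigned": "false",
    "samlIdpUrl": "http://idp.example.com/sso",
    "samlUserIdType": "assertionTypeUsername",
    "samlUserIdLocation": "idLocationAttribute",
}
if __name__ == "__main__":
    print("\n".join(review_sso_config(SAMPLE)))
```
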