Jump to

• Request
• Response
• Examples

Configure Single Sign-On

post

/rest/v19/ssoConfiguration

This endpoint configures Security Assertion Markup Language (SAML) properties to enable exchanging authentication and authorization data between an identity provider (IdP), and a service provider, allowing for a Single Sign-On (SSO) experience.

Request

Supported Media Types

• application/json

Body ()

Root Schema : sso-configRequest

Type: object

Show Source

• idProviderCertificate: string
  Title: Identity Provider Certificate

  Identity Provider Certificate
• requestedNameIdentifierFormat: string
  Title: SAML Requested Name Identifier Format

  Each IDP supports different NameID formats, which can be found in the IDP configuration. FullAccess users can customize this field. If the field is left blank, the setting defaults to using the transient format.
• samlAttributeName: string
  Title: SAML User ID Attribute Name

  When the 'idLocationAttribute' option is selected, the Attribute Name field appears. Enter the value that contains the User ID.
• samlIdpUrl: string
  Title: SAML Identity Provider URL

  SAML Identity Provider URL
• samlIssuerUrl: string
  Title: SAML Issuer URL

  Oracle CPQ Issuer URL
• samlKeyPass: string
  Title: Request Keystore KeyPass

  Specifies a filename and location for the keystore file.
• samlLogoutUrl: string
  Title: SAML Logout URL

  When an Oracle CPQ user is logged out (via a session timeout, or by the user manually logging out), the user will be redirected to the SAML Logout URL. If a SAML Logout URL is not defined, the user will land on the CPQ login screen after being logged out.
• samlNeedRequestSigned: string
  Title: Require Signed Request

  Require Signed Request, allowed values: 'true', 'false'. A signed request is a message sent from an applicant to a certificate authority to apply for a digital identity certificate. This helps establish a level of trust to ensure when CPQ makes a request to an IDP, the IDP can verify that it is actually CPQ, and not an attacker disguised as CPQ. When 'true' the Request Keystore StorePass and Request Keystore KeyPass SAML requests are provided to the IDP.
• samlRequestKeyStore: string
  Title: SAML Request Keystore

  SAML request keystore file
• samlSingleLogoutEndpoint: string
  Title: SAML Single Logout Endpoint

  Adding a valid SAML Single Logout Endpoint essentially creates a global logout scenario. When a user is logged out of CPQ, they will also be logged out of the partner system. Defining a valid SAML Single Logout Endpoint is a best practice of SSO integrations.
• samlSingleLogoutResponseEndpoint: string
  Title: SAML Single Logout Response Endpoint

  SAML Single Logout Response Endpoint
• samlStorePass: string
  Title: Request Keystore StorePass

  The password that is used to protect the keystore file.
• samlUserIdLocation: string
  Title: SAML User ID Location

  The SAML user Id location specifies in which of two locations in the assertion a user will be identified. In the or in an , for the specified of the assertion. Allowed values: 'idLocationSubject' and 'idLocationAttribute'.
• samlUserIdType: string
  Title: SAML User ID Type

  The SAML user Id type specifies which of two identifiers an assertion contains when being sent to CPQ: The users CPQ username or an External ID from the User Object. Allowed values: 'assertionTypeUsername' and 'assertionTypeExternal'.
• ssoMethod: string
  Title: Single Sign-On Method

  Single Sign-On Method, allowed methods: None, Federated Authentication, Remote Webservices, and Federated and Remote.

{
    "type":"object",
    "properties":{
        "ssoMethod":{
            "type":"string",
            "description":"Single Sign-On Method, allowed methods: None, Federated Authentication, Remote Webservices, and Federated and Remote.",
            "title":"Single Sign-On Method"
        },
        "samlIssuerUrl":{
            "type":"string",
            "description":"Oracle CPQ Issuer URL",
            "title":"SAML Issuer URL"
        },
        "idProviderCertificate":{
            "type":"string",
            "description":"Identity Provider Certificate",
            "title":"Identity Provider Certificate"
        },
        "samlNeedRequestSigned":{
            "type":"string",
            "description":"Require Signed Request, allowed values: 'true', 'false'. A signed request is a message sent from an applicant to a certificate authority to apply for a digital identity certificate. This helps establish a level of trust to ensure when CPQ makes a request to an IDP, the IDP can verify that it is actually CPQ, and not an attacker disguised as CPQ. When 'true' the Request Keystore StorePass and Request Keystore KeyPass SAML requests are provided to the IDP.",
            "title":"Require Signed Request"
        },
        "samlRequestKeyStore":{
            "type":"string",
            "description":"SAML request keystore file",
            "title":"SAML Request Keystore"
        },
        "samlStorePass":{
            "type":"string",
            "description":"The password that is used to protect the keystore file.",
            "title":"Request Keystore StorePass"
        },
        "samlKeyPass":{
            "type":"string",
            "description":"Specifies a filename and location for the keystore file.",
            "title":"Request Keystore KeyPass"
        },
        "requestedNameIdentifierFormat":{
            "type":"string",
            "description":"Each IDP supports different NameID formats, which can be found in the IDP configuration. FullAccess users can customize this field. If the field is left blank, the setting defaults to using the transient format.",
            "title":"SAML Requested Name Identifier Format"
        },
        "samlIdpUrl":{
            "type":"string",
            "description":"SAML Identity Provider URL",
            "title":"SAML Identity Provider URL"
        },
        "samlLogoutUrl":{
            "type":"string",
            "description":"When an Oracle CPQ user is logged out (via a session timeout, or by the user manually logging out), the user will be redirected to the SAML Logout URL. If a SAML Logout URL is not defined, the user will land on the CPQ login screen after being logged out.",
            "title":"SAML Logout URL"
        },
        "samlSingleLogoutEndpoint":{
            "type":"string",
            "description":"Adding a valid SAML Single Logout Endpoint essentially creates a global logout scenario. When a user is logged out of CPQ, they will also be logged out of the partner system. Defining a valid SAML Single Logout Endpoint is a best practice of SSO integrations.",
            "title":"SAML Single Logout Endpoint"
        },
        "samlSingleLogoutResponseEndpoint":{
            "type":"string",
            "description":"SAML Single Logout Response Endpoint",
            "title":"SAML Single Logout Response Endpoint"
        },
        "samlUserIdType":{
            "type":"string",
            "description":"The SAML user Id type specifies which of two identifiers an assertion contains when being sent to CPQ: The users CPQ username or an External ID from the User Object. Allowed values: 'assertionTypeUsername' and 'assertionTypeExternal'.",
            "title":"SAML User ID Type"
        },
        "samlUserIdLocation":{
            "type":"string",
            "description":"The SAML user Id location specifies in which of two locations in the assertion a user will be identified. In the <Subject> or in an <AttributeValue>, for the specified <Attribute> of the assertion. Allowed values: 'idLocationSubject' and 'idLocationAttribute'.",
            "title":"SAML User ID Location"
        },
        "samlAttributeName":{
            "type":"string",
            "description":"When the 'idLocationAttribute' option is selected, the Attribute Name field appears. Enter the value that contains the User ID.",
            "title":"SAML User ID Attribute Name"
        }
    }
}

Back to Top

Response

Supported Media Types

• application/json

Default Response

Body ()

Root Schema : sso-configResponse

Type: object

Show Source

• restartRequired: string
  Title: Restart Required

  Restart Required for Server
• statusCode: string
  Title: Status Code

  Response Status Code

{
    "type":"object",
    "properties":{
        "restartRequired":{
            "type":"string",
            "description":"Restart Required for Server",
            "title":"Restart Required"
        },
        "statusCode":{
            "type":"string",
            "description":"Response Status Code",
            "title":"Status Code"
        }
    }
}

Back to Top

Examples

The following example shows how to configure SSO by submitting a POST request to the REST resource using cURL. For more information about cURL, see Use cURL.

curl - X POST -H "Authorization: Bearer <token>" - H "Content-type: application/json"
https://sitename.oracle.com/rest/v19/ssoConfiguration

Request Body Sample

{
  "ssoMethod": "Federated and Remote",
  "samlIssuerUrl": "BigMachines Issuer URL value",
  "idProviderCertificate": "base64encodecertvalue",
  "samlNeedRequestSigned": "true",
  "samlRequestKeyStore": "base64encodedcertvalue",
  "samlStorePass": "storePassValue",
  "samlKeyPass": "keyPassValue",
  "requestedNameIdentifierFormat": "identifier format value",
  "samlIdpUrl": "identity provided url value",
  "samlLogoutUrl": "logout url",
  "samlSingleLogoutEndpoint": "logout endpoint",
  "samlSingleLogoutResponseEndpoint": "logout response endpoint",
  "samlUserIdType": "assertionTypeUsername",
  "samlUserIdLocation": "idLocationAttribute",
  "samlAttributeName": "AttributeValue"
}

Back to Top