Configure Single Sign-On
post
/rest/v19/ssoConfiguration
This endpoint configures Security Assertion Markup Language (SAML) properties to enable exchanging authentication and authorization data between an identity provider (IdP), and a service provider, allowing for a Single Sign-On (SSO) experience.
Request
Supported Media Types
- application/json
Root Schema : sso-configRequest
Type: object
- idProviderCertificate: string
  Title: Identity Provider Certificate
  Identity Provider Certificate
- requestedNameIdentifierFormat: string
  Title: SAML Requested Name Identifier Format
  Each IDP supports different NameID formats, which can be found in the IDP configuration. FullAccess users can customize this field. If the field is left blank, the setting defaults to using the transient format.
- samlAttributeName: string
  Title: SAML User ID Attribute Name
  When the 'idLocationAttribute' option is selected, the Attribute Name field appears. Enter the value that contains the User ID.
- samlIdpUrl: string
  Title: SAML Identity Provider URL
  SAML Identity Provider URL
- samlIssuerUrl: string
  Title: SAML Issuer URL
  Oracle CPQ Issuer URL
- samlKeyPass: string
  Title: Request Keystore KeyPass
  Specifies a filename and location for the keystore file.
- samlLogoutUrl: string
  Title: SAML Logout URL
  When an Oracle CPQ user is logged out (via a session timeout, or by the user manually logging out), the user will be redirected to the SAML Logout URL. If a SAML Logout URL is not defined, the user will land on the CPQ login screen after being logged out.
- samlNeedRequestSigned: string
  Title: Require Signed Request
  Require Signed Request, allowed values: 'true', 'false'. A signed request is a message sent from an applicant to a certificate authority to apply for a digital identity certificate. This helps establish a level of trust to ensure when CPQ makes a request to an IDP, the IDP can verify that it is actually CPQ, and not an attacker disguised as CPQ. When 'true' the Request Keystore StorePass and Request Keystore KeyPass SAML requests are provided to the IDP.
- samlRequestKeyStore: string
  Title: SAML Request Keystore
  SAML request keystore file
- samlSingleLogoutEndpoint: string
  Title: SAML Single Logout Endpoint
  Adding a valid SAML Single Logout Endpoint essentially creates a global logout scenario. When a user is logged out of CPQ, they will also be logged out of the partner system. Defining a valid SAML Single Logout Endpoint is a best practice of SSO integrations.
- samlSingleLogoutResponseEndpoint: string
  Title: SAML Single Logout Response Endpoint
  SAML Single Logout Response Endpoint
- samlStorePass: string
  Title: Request Keystore StorePass
  The password that is used to protect the keystore file.
- samlUserIdLocation: string
  Title: SAML User ID Location
  The SAML user Id location specifies in which of two locations in the assertion a user will be identified. In theor in an , for the specified of the assertion. Allowed values: 'idLocationSubject' and 'idLocationAttribute'.
- samlUserIdType: string
  Title: SAML User ID Type
  The SAML user Id type specifies which of two identifiers an assertion contains when being sent to CPQ: the user's CPQ username or an External ID from the User Object. Allowed values: 'assertionTypeUsername' and 'assertionTypeExternal'.
- ssoMethod: string
  Title: Single Sign-On Method
  Single Sign-On Method, allowed methods: None, Federated Authentication, Remote Webservices, and Federated and Remote.
Response
Supported Media Types
- application/json
Default Response
Root Schema : sso-configResponse
Type: object
- restartRequired: string
  Title: Restart Required
  Restart Required for Server
- statusCode: string
  Title: Status Code
  Response Status Code
Examples
The following example shows how to configure SSO by submitting a POST request to the REST resource using cURL. For more information about cURL, see Use cURL.
curl -X POST -H "Authorization: Bearer <token>" -H "Content-type: application/json" https://sitename.oracle.com/rest/v19/ssoConfiguration
Request Body Sample
{
  "ssoMethod": "Federated and Remote",
  "samlIssuerUrl": "BigMachines Issuer URL value",
  "idProviderCertificate": "base64encodecertvalue",
  "samlNeedRequestSigned": "true",
  "samlRequestKeyStore": "base64encodedcertvalue",
  "samlStorePass": "storePassValue",
  "samlKeyPass": "keyPassValue",
  "requestedNameIdentifierFormat": "identifier format value",
  "samlIdpUrl": "identity provided url value",
  "samlLogoutUrl": "logout url",
  "samlSingleLogoutEndpoint": "logout endpoint",
  "samlSingleLogoutResponseEndpoint": "logout response endpoint",
  "samlUserIdType": "assertionTypeUsername",
  "samlUserIdLocation": "idLocationAttribute",
  "samlAttributeName": "AttributeValue"
}
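A pre-flight check for the request body, run before the POST, catches values outside the documented allowed sets and keeps the keystore and its passwords out of logs. This is an added example, not Oracle's code: check_sso_config, redact and SECRET_FIELDS are hypothetical names, and the exact-match rule and the "required" rules are assumptions inferred from the field descriptions above.

```python
# Pre-flight check for an ssoConfiguration request body (added example).
ALLOWED = {
    "ssoMethod": {"None", "Federated Authentication", "Remote Webservices",
                  "Federated and Remote"},
    "samlNeedRequestSigned": {"true", "false"},
    "samlUserIdLocation": {"idLocationSubject", "idLocationAttribute"},
    "samlUserIdType": {"assertionTypeUsername", "assertionTypeExternal"},
}
SECRET_FIELDS = ("samlRequestKeyStore", "samlStorePass", "samlKeyPass")

def check_sso_config(body):
    """Return (errors, warnings) for a request body given as a dict."""
    errors, warnings = [], []
    for field, allowed in ALLOWED.items():
        value = body.get(field)
        # Assumption: values must match the documented spelling exactly.
        if value is not None and value not in allowed:
            errors.append(f"{field}: {value!r} is not an allowed value")
    # Assumption: attribute-based lookup cannot work without the attribute name.
    if (body.get("samlUserIdLocation") == "idLocationAttribute"
            and not body.get("samlAttributeName")):
        errors.append("samlAttributeName: required with idLocationAttribute")
    # Assumption: signing needs the keystore and both passwords.
    if body.get("samlNeedRequestSigned") == "true":
        for field in SECRET_FIELDS:
            if not body.get(field):
                errors.append(f"{field}: required when requests are signed")
    if not body.get("requestedNameIdentifierFormat"):
        warnings.append("requestedNameIdentifierFormat: blank, defaults to transient")
    if not body.get("samlSingleLogoutEndpoint"):
        warnings.append("samlSingleLogoutEndpoint: not set, no global logout")
    return errors, warnings

def redact(body):
    """Copy of the body that is safe to log: secret fields are masked."""
    return {k: ("***" if k in SECRET_FIELDS and v else v) for k, v in body.items()}

# Constructed sample body with deliberate mistakes (placeholder values).
SAMPLE = {
    "ssoMethod": "Federated and remote",  # wrong capitalisation
    "samlNeedRequestSigned": "true",
    "samlRequestKeyStore": "constructed-keystore",
    "samlStorePass": "constructed-store-pass",  # samlKeyPass is missing
    "samlUserIdLocation": "idLocationAttribute",  # samlAttributeName is missing
}

if __name__ == "__main__":
    print(check_sso_config(SAMPLE), redact(SAMPLE))
```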