Configuring an Identity Provider

The Manage SSO configuration user type permission is required.

Configuration > SSO Configuration
  1. Next to Identity Provider Configuration, click Show.
  2. Click Create.
  3. SAML 2.0 is the only possible selection. Click Next.
  4. In the Automated Identity Provider Information section, perform one of the following steps:
    1. To upload an IdP metadata file, click Browse..., select the file and then click Upload.
    2. Type a URL to the IdP metadata file in the corresponding field and click Retrieve.

    The Display Name and Entity Id or issuer identity fields are filled automatically.

  5. In the Manual Identity Provider Information section, complete the fields as needed.
    • You can change the display name if you wish.

    • In the Entity Id or issuer identity field, you can enter the identity of the user who was authenticated by the IdP.

    • The UserID Type refers to the type of identifying information. Currently "Loginname", the login name of the user in the system, is the only type supported, so ensure that "Loginname" is the value displayed.

    • The User ID Attribute Name (XPath value) does not require a value.

  6. Click Next.
  7. In the Bindings section, complete the fields as needed and click Next.
  8. You can add certificates manually (in addition to the certificates imported automatically from the metadata file) by clicking Add.
    1. To specify that a certificate be used to confirm the identity of Identity Providers for SmartOrg, career sections, or both, click the corresponding radio button.
    2. Click Browse... and select a certificate file.
    3. Click Save.
    4. Click Next.
  9. In the Authentication Settings section, you specify whether SAML requests issued by Oracle will be signed, whether the signature of SAML responses received from the IdP will be validated, and the time period (30,000 milliseconds is recommended) beyond which assertions will no longer be considered valid.
    It is strongly recommended to have assertions validated (ensure that the Default SAML Signature check box is selected).
    1. If you want to change the default values, clear the Default SAML Signature check box and make your selections.
    2. Click Next.
  10. In the SmartOrg Configuration section, configure your SmartOrg Service Provider by making your selections. For details regarding these settings, see SmartOrg Service Provider Settings and Challenge, Error and Exit URLs.
    Note: If Default for SP Initiated Flow is set to Yes, it is important to also select Custom Exit Page URL and type a Custom Exit Page URL in the corresponding field or leave the field empty.
  11. Click Next.
  12. In the Career Section Configuration section, configure your Career Service Provider by making your selections. For details regarding these settings, see Career Section Service Provider Settings and Challenge, Error and Exit URLs.
  13. Click Next.
    The information headings are displayed. You can click Edit next to a heading to edit the corresponding information as needed.
  14. Click Finish to generate the metadata and certificates for the Service Providers (SmartOrg and Career Section).
    If the Service Provider-initiated flow was enabled and the challenge URL was configured, the users will be redirected to the IdP. SSO will fail, however, because the IdP is not yet configured. Because this can create a temporary lockout situation, a direct URL is available to bypass SSO as necessary. See Bypassing Single Sign-On.