9 Setting Up Single Sign-On for Pricing Design Center

Learn how to set up a single sign-on (SSO) login method for Oracle Communications Pricing Design Center (PDC) using SAML.

About Setting Up SSO for PDC

SSO allows you to log in to applications using a single user name and password combination. You set up SSO for PDC by using SAML 2.0.

To implement SSO for PDC:

  1. Create a SAML assertion provider. See "Creating a SAML Assertion Provider".

  2. Create a SAML authenticator. See "Creating a SAML Authenticator".

  3. Define SAML 2.0 general information. See "Performing SAML 2.0 General Configurations".

  4. Define the SAML service provider. See "Configuring the SAML Service Provider".

  5. Generate a metadata file and publish it to all SAML identity providers. See "Publishing the Service Provider Metadata".

  6. Update the PDC deployment plan. See "Updating the Deployment Plan for PDC".

Creating a SAML Assertion Provider

The SAML assertion provider validates a client's identity by mapping a client-supplied token to a user name.

To create a SAML assertion provider for PDC:

  1. Log in to PDC WebLogic Server Administration Console.

  2. In the Domain Structure section, click the Security Realms link.

    The Summary of Security Realms page appears.

  3. Click the myrealm link.

    The Settings for myrealm page appears.

  4. Click the Providers tab and then click the Authentication subtab.

  5. Click New.

    The Create a New Authentication Provider page appears.

  6. In the Name field, enter samlPDC.

  7. From the Type list, select SAML2IdentityAsserter.

  8. Click OK.

  9. Activate your changes and then restart WebLogic Server.

  10. Click the Providers tab and then click the Authentication subtab.

  11. In the Authentication Providers table, click the samlPDC link.

    The Settings for samlPDC page appears.

  12. Click the Management tab.

  13. In the table under Identity Provider Partners, click New and then New Web Single Sign-On Identity Provider Partner.

  14. In the Create a SAML 2.0 Web Single Sign-on Identity Provider Partner page, do the following:

    • In the Name field, enter WebSSO-IdP-Partner-1.

    • In the Path field, specify or browse to the full path of the metadata partner file.

    • Click OK.

  15. In the Identity Provider Partners table, click WebSSO-IdP-Partner-1.

  16. Select the Enabled, Virtual User, and Process Attributes checkboxes.

  17. In Redirect URIs, enter /pdc/*.

  18. Click Save.

  19. Verify the Identity Provider details in the Site Info and Single Sign-on Signing Certificate tabs.

Creating a SAML Authenticator

The SAML authenticator verifies the identity of users or system processes, and makes identity information available to PDC when that information is needed.

To create a SAML authenticator for PDC:

  1. Log in to PDC WebLogic Server Administration Console.

  2. In the Domain Structure section, click the Security Realms link.

    The Summary of Security Realms page appears.

  3. Click the myrealm link.

    The Settings for myrealm page appears.

  4. Click the Providers tab and then click the Authentication subtab.

  5. Click New.

    The Create a New Authentication Provider page appears.

  6. In the Name field, enter samlPDCAuth.

  7. From the Type list, select SAMLAuthenticator.

  8. Click OK.

  9. Click the samlPDCAuth link and then set Control Flag to SUFFICIENT.

  10. Click Save.

  11. Click the DefaultAuthenticator link and then set Control Flag to SUFFICIENT.

  12. Click Save.

  13. In the Settings for myrealm page, click Reorder.

  14. Arrange the providers in the following order:

    • samlPDCAuth

    • samlPDC

    • DefaultAuthenticator

    • DefaultIdentityAsserter

  15. Click OK.

  16. In the Change Center, click Activate Changes.

Performing SAML 2.0 General Configurations

To perform SAML 2.0 general configurations:

  1. Log in to PDC WebLogic Server Administration Console.

  2. In the Domain Structure section, click Environment, Servers, and then AdminServer.

    The Settings for AdminServer page appears.

  3. Select Configuration, Federation Services, and then SAML 2.0 General.

  4. In the Site Info section, enter the following information about your SAML 2.0 site:

    • Published Site URL: Enter http://pdc_hostname:port/saml2, where pdc_hostname is the PDC application host and port is the port on which PDC is listening.

    • Entity ID: Enter samlPDC.

  5. Click Save.

  6. Activate your changes and then restart WebLogic Server.

Configuring the SAML Service Provider

To configure the SAML service provider:

  1. Log in to PDC WebLogic Server Administration Console.

  2. In the Domain Structure section, click Environment, Servers, and then AdminServer.

    The Settings for AdminServer page appears.

  3. Select Configuration, Federation Services, and then SAML 2.0 Service Provider.

  4. Select the Enabled checkbox.

  5. From the Preferred Binding list, select POST.

  6. In the Default URL field, enter http://pdc_hostname:port/pdc/faces/oracle/communications/brm/pdc/ui/pages/login.jspx, where pdc_hostname is the PDC application host and port is the port on which PDC is listening.

  7. Activate your changes and then restart WebLogic Server.

Publishing the Service Provider Metadata

To publish the service provider metadata:

  1. Log in to WebLogic Server Administration Console.

  2. In the Domain Structure section, click Environment, Servers, and then AdminServer.

    The Settings for AdminServer page appears.

  3. Click Configuration, Federation Services, and then SAML 2.0 General.

  4. Click Publish Meta Data.

    The Publish SAML 2.0 Meta Data page appears.

  5. In the Path field, enter the full path and name of the spmeta.xml file.

  6. Click OK.
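Before handing spmeta.xml to the identity provider, it is worth checking that it reflects the values entered in the SAML 2.0 General and Service Provider pages (the samlPDC entity ID, the published site URL, and the POST binding) and that it carries the signing certificate the IdP will need. The following script is an added example, not part of Oracle's documentation or of PDC; the metadata it parses is a constructed, trimmed sample with a placeholder certificate, and the assertion consumer service path is assumed.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample of the kind of file "Publish Meta Data" writes to spmeta.xml,
# trimmed to the elements checked below. Certificate and ACS path are placeholders.
SAMPLE_SPMETA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="samlPDC">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER_CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://pdc_hostname:port/saml2/sp/acs/post"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_sp_metadata(xml_text, expected_entity_id, published_site_url):
    """Return a list of problems; an empty list means the metadata matches the
    entity ID and published site URL configured in the console."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("entityID") != expected_entity_id:
        problems.append(f"entityID is {root.get('entityID')!r}, expected {expected_entity_id!r}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor: this is not service provider metadata"]
    # The IdP uses this certificate to verify signed requests from PDC.
    if sp.find("md:KeyDescriptor[@use='signing']", NS) is None:
        problems.append("no signing KeyDescriptor: IdP cannot verify signed requests")
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not any(e.get("Binding") == POST_BINDING for e in acs):
        problems.append("no HTTP-POST AssertionConsumerService (Preferred Binding should be POST)")
    for e in acs:
        loc = e.get("Location", "")
        if not loc.startswith(published_site_url):
            problems.append(f"ACS Location {loc!r} is outside Published Site URL")
        # Assertions are posted by the browser to this URL; flag cleartext endpoints.
        if not loc.startswith("https://"):
            problems.append(f"ACS Location {loc!r} is not HTTPS: assertions would be posted in clear")
    return problems
```

Run it against the real spmeta.xml by reading the file into check_sp_metadata with the entity ID and published site URL you entered; the sample above reports only the cleartext endpoint.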

Updating the Deployment Plan for PDC

To update your deployment plan for PDC:

  1. Create a new plan.xml file with the PDC deployment plan, or edit your existing plan.xml file.

  2. In the file, add a logoutUrl variable set to your identity provider (IDP) logout URL:

     <variable-definition>
        <variable>
           <name>logoutUrl</name>
           <value>IDP_LOGOUT_URL</value>
        </variable>
     </variable-definition>

  3. Add the following module-override element:

     <module-override>
        <module-name>BPA.war</module-name>
        <module-type>war</module-type>
        <module-descriptor external="false">
           <root-element>web-app</root-element>
           <uri>WEB-INF/web.xml</uri>
           <variable-assignment>
              <name>logoutUrl</name>
              <xpath>/web-app/context-param/[param-name="loginURL"]/param-value</xpath>
              <operation>replace</operation>
           </variable-assignment>
        </module-descriptor>
     </module-override>

  4. Save and close your plan.xml file.

  5. Redeploy the PDC application with your new plan.xml file.

For more information about updating and deploying your deployment plan, see the "Create and Use a Deployment Plan in Oracle WebLogic Server" tutorial.