SAML Single Sign-On Configuration Information

When implementing SSO, most utilities choose to contract with a federation server provider and configure settings through the provider’s interface. Configuration details are provided below.

Oracle Utilities Opower SAML Information

Oracle Utilities provides the utility with SAML metadata for production and staging servers. The metadata provided by Oracle Utilities includes the following information: 

  • Oracle Utilities Opower SAML Entity ID
  • Oracle Utilities Opower Assertion Consumer Service URL
  • Default Target URL (RelayState Value)

Information Required by Oracle Utilities from the Utility

Oracle Utilities requires the utility to define its SAML specification or extract a SAML metadata definition, and to provide either resource to Oracle Utilities. Refer to your IdP's third-party documentation for steps on completing a SAML metadata extraction. The information in the specification or metadata file must include the following:

  • Utility SAML Entity ID: The URL to the client IdP SAML endpoint, which is the client-side counterpart to the Oracle Utilities Opower entity ID.
  • Utility Public Key: Oracle Utilities requires the public key for the corresponding private key the utility is using to sign their SAML assertions. SAML requires the IdP to sign all assertions submitted via POST with a private key. Oracle Utilities needs the public keys to verify the assertions were sent by the utility.
  • SAML Single Sign-On Service URL: Required for SP-initiated SSO, in which the user visits the URL for Digital Self Service - Transactions before logging in at the client utility website. Oracle Utilities needs to redirect users to the utility to begin the sign-in process, after which they are returned to the Digital Self Service - Transactions URL they were trying to access. This is done by sending SAML messages to the partner’s federation server to begin a user's SSO process. This value is the URL Oracle Utilities will use to begin SP-initiated SSO.
  • Logout Redirect URL: The logout URL logs out of the utility’s IdP and redirects to the utility’s login page. Oracle Utilities redirects the user to this URL after they click the logout link.

Define the Redirect for Single Logout

When configuring SSO along with single logout (SLO), a redirect URL must be configured within your identity provider as well as by Oracle Utilities. This URL determines where customers are redirected to after the logout process is completed. If configured incorrectly, the logout process can produce an error or redirect the customers to an unintended location.

Oracle Utilities recommends defining both values to redirect to the same location, which provides the most consistent behavior for customers. Oracle Utilities also recommends redirecting customers to the main Overview page of the Digital Self Service - Transactions web portal.