SAML Single Logout (SLO) Configuration
This section describes the requirements for implementing single logout (SLO) with the Oracle Utilities Opower Energy Efficiency Web Portal. When SLO is implemented and a customer logs out of the Energy Efficiency Web Portal or utility site, they are automatically logged out of both sites. When the user clicks to log out of the Energy Efficiency Web Portal, Oracle Utilities can configure the final URL to which users are directed after the logout process is complete. For example, the utility may want the user redirected to the utility home page after the user clicks on the logout link on the Energy Efficiency Web Portal. SSO must be supported in order to implement SLO.
SAML Requirements
Oracle Utilities uses SAML 2.0 to implement SLO with clients. A utility'Oracle Cloud Infrastructure Identity and Access Management environment acts as the Service Provider (SP) and the utility acts as the Identity Provider (IdP). See Getting Started for more information.
SAML Bindings
Identity Provider to Service Provider Binding
Oracle Utilities accepts SAML logout messages from Identity Providers using the HTTP POST Binding method. This means all SAML logout messages are sent as HTTP POST requests to the Oracle Utilities federation server. Oracle Utilities the use of HTTP POST and the browser transmits the SAML logout message to the Oracle Utilities federation server. For this reason, Oracle Utilities does not support Artifact Binding for SAML 2.0.
Service Provider to Identity Provider Binding
Oracle Utilities supports either HTTP Redirect Binding, or HTTP POST Binding when sending logout requests to the Identity Provider. By default, Oracle Utilities will use HTTP Redirect Binding. This means that when Oracle Utilities begins the SP Initiated SLO process, Oracle Utilities will issue an HTTP Redirect to the user’s browser directing them to the Identity Provider. The Identity Provider federation service will then receive an HTTP POST request from the consumer and initiate the Authorization process. Oracle Utilities does not support Artifact Binding on communication from Oracle Utilities to the Identity Provider.