SAML Single Logout Assertion Requirements
The SAML assertion for an SLO implementation requires a SAML subject and security information.
SAML Subject
The SAML Subject must contain a user identifier. Oracle Utilities will describe the exact value required for this field based on the implementation plan. It will be one of the fields passed in the historical and iterative data files about the particular customer. This typically corresponds to the account number printed on a customer’s bill or an identifier derived from the billing account number.
Security Requirements
Security for SAML is achieved through several mechanisms. First, SAML logout requests sent using POST Binding from the Identity Provider must be digitally signed with the Identity Provider’s Private Key using XML Signature. This is a requirement per the SAML specifications. Oracle Utilities will then verify the source with the corresponding Public Key. Requests that fail this verification process will be rejected. This mechanism ensures that only requests originating from the proper utility client are accepted. Furthermore, data is encrypted via HTTPS during transfer.
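As an added illustration (not Oracle Utilities code), the following Python sketch is a structural pre-check an Identity Provider team could run on a logout request before sending it: it confirms that a user identifier is present and that a single XML Signature covers the request itself. It assumes the identifier is carried in saml:NameID of a SAML 2.0 LogoutRequest and that the signature is an enveloped ds:Signature child; the function name and sample values are constructed, and the check does not replace cryptographic verification with an XML Signature library.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser such as defusedxml

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def check_logout_request(xml_text):
    """Return a list of structural problems (empty list = shape is acceptable).
    Hypothetical helper: it does NOT verify the signature value."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        return ["root element is not samlp:LogoutRequest"]
    problems = []
    name_id = root.find("saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing or empty saml:NameID (user identifier)")
    sigs = root.findall("ds:Signature", NS)
    if len(sigs) != 1:
        problems.append("expected exactly one ds:Signature child of the request")
        return problems
    # The signature must reference the request's own ID, otherwise it may
    # cover some other element and leave the request itself unprotected.
    refs = sigs[0].findall("ds:SignedInfo/ds:Reference", NS)
    req_id = root.get("ID")
    if len(refs) != 1 or not req_id or refs[0].get("URI") != "#" + req_id:
        problems.append("ds:Reference does not cover the request's own ID")
    if sigs[0].find("ds:SignatureValue", NS) is None:
        problems.append("ds:SignatureValue is missing")
    return problems

def sample(sig_ref="#_req1", name_id="ACCT-0001"):
    """Build a constructed LogoutRequest; sig_ref=None omits the signature."""
    sig = ""
    if sig_ref is not None:
        sig = ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="%s"/>'
               '</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
               '</ds:Signature>' % (NS["ds"], sig_ref))
    return ('<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_req1" Version="2.0">'
            '<saml:Issuer>https://idp.example.test</saml:Issuer>%s'
            '<saml:NameID>%s</saml:NameID></samlp:LogoutRequest>'
            % (NS["samlp"], NS["saml"], sig, name_id))

if __name__ == "__main__":
    for label, msg in [("signed", sample()), ("unsigned", sample(sig_ref=None)),
                       ("wrong reference", sample(sig_ref="#_other"))]:
        print(label, "->", check_logout_request(msg) or "ok")
```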