SAML Single Sign-On Configuration Information

When implementing SSO, most utilities choose to contract with a federation server provider and configure settings through the provider’s interface. Configuration details are provided below.

Oracle Utilities Opower SAML Information

Oracle Utilities provides the utility with SAML metadata for production and staging servers. The metadata provided by Oracle Utilities includes the following information:

  • Oracle Utilities Opower SAML Entity ID
  • Oracle Utilities Opower Assertion Consumer Service URL
  • Default Target URL (RelayState Value)

Information Required by Oracle Utilities from the Utility

Oracle Utilities requires that the utility either define its SAML specification or extract a SAML metadata definition, and provide one of these resources to Oracle Utilities. Refer to your IdP's third-party documentation for the steps to complete a SAML metadata extraction. The specification or metadata file must include the following information:

  • Utility SAML Entity ID: The URL to the client IdP SAML endpoint, which is the client-side counterpart to the Oracle Utilities Opower entity ID.
  • Utility Public Key: Oracle Utilities requires the public key that corresponds to the private key the utility uses to sign its SAML assertions. SAML requires the IdP to sign all assertions submitted via POST with a private key. Oracle Utilities needs the public keys to verify that the assertions were sent by the utility.
  • SAML Single Sign-On Service URL: Required for SP-initiated SSO, in which the user visits the URL for the Energy Efficiency Web Portal before logging in at the client utility website. Oracle Utilities needs to redirect users to the utility to begin the sign-in process; afterwards, they are returned to the URL on the Energy Efficiency Web Portal that they were trying to access. This is done by sending SAML messages to the partner’s federation server to begin a user's SSO process. This value is the URL Oracle Utilities will use to begin SP-initiated SSO. Oracle Utilities uses redirect binding to access this URL.
  • Logout Redirect URL: This is an optional parameter. It is the URL that Oracle Utilities redirects the user to after they click the logout link.