2.1.3 Set Single Sign on
This topic explains the step-by-step instructions for setting up single sign-on.
- The installer displays the Single Sign on screen.
Figure 2-11 Oracle FLEXCUBE Universal Installer - Property File Creation - Single Sign on
- On the Oracle FLEXCUBE Universal Installer - Property File Creation - Single Sign on screen, specify the following details.
Table 2-5 Oracle FLEXCUBE Universal Installer - Property File Creation - Single Sign on
SSO Required
Check this box to enable single sign-on (SSO). If you check this box, you need to enter the SSO Key.

SSO Type
This field is disabled by default and is enabled when the SSO Required flag is selected. Specify the SSO Type from the following list:
- DEFAULT
  This is the default scenario, where the external SSO system needs to send the SSO UserID mapped to the application user ID in the SSO_KEY parameter.
  For example: if the SSO_KEY maintained is DN and the SSO_USERID is fcubsuser@oracle.com, then the SSO system needs to send the SSO USERID in the DN parameter when a request is sent to the application.
  The SSO UserID needs to be maintained in the LDAP_USER field of the User Maintenance screen (SSDUSRDF). Refer to section 2.10 of Oracle FLEXCUBE Universal Banking.
- TOKEN
  Select this option if a custom implementation is required for SSO authentication in the application. The application invokes the AuthenticateCustomToken class when the application login is performed, and the required custom implementation for SSO/SAML needs to be done in that custom class. Refer to the file INFRA\FCJNeoWeb\war\WEB-INF\classes\com\ofss\infra\sso\AuthenticateCustomToken.class for the method details.
  Note: Configuration details of the external SSO system are not provided as part of the application documentation. These need to be checked with the respective SSO provider.
- SAML
  Select this option if SSO-SAML authentication is required. In this case, the external system needs to send the SAML request XML in the SSO_KEY parameter. When SAML is selected, the SAML details table below is enabled; enter the SAML details such as Certificate Path, Password, Alias, and Valid Audience.
  The application validates the SAML signature using the certificate path and password. In addition, the SAML Audience value provided must be the same as the one in the SAML request sent to the application.
  Note: After successful SAML validation, the application allows you to log in with the user ID sent in the SAML request. The SAML UserID sent in the SAML request needs to be maintained in the LDAP_USER field of the User Maintenance screen (SSDUSRDF). Refer to section 2.10 of Oracle FLEXCUBE Universal Banking.
- IDCS Token
  Select this option if Oracle Identity Cloud Service (IDCS) is used as the Identity and Access Management system in cloud deployments.
By default, the DEFAULT option is selected; however, you can change it.

SSO Signoff Configurations
This section details the options available for SSO signoff when the user has logged off from the application. Select the SSO Signoff check box to enable the following fields.
- SSO_SIGNOFF_URL: The external SSO logout URL which needs to be invoked after application logoff. Example: https://<host>/oam/server/logout
- SSO_SIGNOFF_POST_RD_URL: Applicable only if IDCS is used as the IAM system. The URL or context path to navigate to after SSO signoff. Example: /FCJNeoWeb
- SO_REQ_PARAM_KEYS: Applicable only if IDCS is used as the IAM system. The keys required for the IDCS token validation, specified as a comma-separated list. Example: idcs_service_url,idcs_remote_user,idcs_user_assertion
Note: The application only invokes the configured SSO logout URL when the user logs off the application. The application does not perform any other action for SSO logout.
For the screen, refer to Figure 2-12 SSO Sign Off Configuration.

SSO KEY
Specify the SSO key. If you have checked the SSO Required box, it is mandatory to specify the SSO key. By default, the value is DN. If you have checked the SSO Required box, the installer skips the following two screens and navigates directly to the SSL screen shown below in this manual. If you have not checked the SSO Required box, then on clicking Next, the screen for enabling SSL options is displayed.

External Password Required
Check this box to allow user login using an MSAD/LDAP password irrespective of the user ID. If you check this box, the user ID can be either the MSAD/LDAP user ID or the FCUBS user ID, and the password can be the MSAD/LDAP server password only. If LDAP is selected, a table related to LDAP is enabled; enter the LDAP Server URL, SSL Enabled, Security Authentication Type, Domain Name, and LDAP Server Timeout details.
By default, this check box is unchecked. However, you can change this.

External User Login Required
Check this box to enable user login using the MSAD/LDAP user ID. If you check this box, the user can log in using the MSAD/LDAP server user ID as well as the FCUBS user ID. If you do not check this box, the user can log in using the FCUBS user ID only.
By default, this check box is unchecked. However, you can change this.
Note: Authentication Type is enabled if one of the above check boxes is checked.

Authentication Type
Select the authentication type from the adjoining drop-down list. This is the type of external server that is used for authentication. This option is enabled only when the External Password Required check box is checked. You can select one of the following options:
- MSAD (Microsoft Active Directory)
- LDAP (Lightweight Directory Access Protocol)
By default, MSAD is selected; however, you can change it.

Platform Security
If the Platform Security box is checked for WebLogic, the symmetric key is not stored in the property file for security reasons. If the Platform Security box is unchecked, the symmetric key is available in the property file and a warning message is displayed to the user.

SMS Security Key
This field captures the security key value if the Platform Security check box is checked.

SSL Enabled
SSL Enabled is checked by default.

Figure 2-12 SSO Sign Off Configuration
- Click Next and the next screen gets displayed.
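The DEFAULT and SAML options above both require the SSO user ID to be maintained in LDAP_USER, and the SAML option additionally requires the assertion's Audience to match the configured Valid Audience. The following Python example is added here and is not part of the installer or the Oracle FLEXCUBE code: it shows those two checks, plus the NotBefore/NotOnOrAfter validity window, on a constructed assertion, and assumes the XML signature has already been verified with the configured certificate by an XML-DSig library (this block does not verify signatures).

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion for illustration; not from the installer or any real IdP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>fcubsuser@oracle.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">
    <saml:AudienceRestriction><saml:Audience>FCJNeoWeb</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

# Constructed stand-in for the LDAP_USER column maintained on the User Maintenance
# screen (SSDUSRDF): SSO user ID -> application (FCUBS) user ID.
LDAP_USER_MAP = {"fcubsuser@oracle.com": "FCUBSUSER1"}


def _parse_ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T00:00:00Z (None if absent)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def resolve_sso_user(assertion_xml, valid_audience, now=None, user_map=LDAP_USER_MAP):
    """Return the application user ID for an already signature-verified assertion,
    or None if the validity window, audience, or user-mapping check fails.
    `now` is an ISO 8601 UTC timestamp string; it defaults to the current time."""
    current = _parse_ts(now) if now else datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return None  # no Conditions element means no audience restriction to honour
    not_before = _parse_ts(cond.get("NotBefore"))
    not_on_or_after = _parse_ts(cond.get("NotOnOrAfter"))
    if (not_before and current < not_before) or (not_on_or_after and current >= not_on_or_after):
        return None  # outside the assertion's validity window
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if valid_audience not in audiences:
        return None  # the Valid Audience configured in the installer must appear in the request
    name_id = root.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS)
    if not name_id:
        return None
    # Only SSO user IDs maintained in LDAP_USER map to an application login.
    return user_map.get(name_id)
```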