Configuring Single Sign-On

A common profile switch determines whether the system uses the Single Sign-On function. The Enable Single Sign-On checkbox enables you to configure the system to use the single sign-on feature.

Before enabling the single sign-on feature, you must enter the Single Sign-On HTTP Header element that the Argus application uses for authentication. This field can contain a maximum of 40 characters.

  1. The following new entries, which are common across all enterprises, have been added in Argus Console > System Management (Common Profile Switches) > Single Sign-On:

    A checkbox called Enable IAMS Integration has been introduced. IAMS is an Oracle suite of products used for Identity and Access Management mainly for Oracle Argus Cloud releases. Enabling this switch allows the application to integrate with IAMS.

    A checkbox called Use Oracle Access Server SDK for LDAP Validation under the Single Sign-On tree becomes available for selection only when Enable Single Sign-On is checked.

    This setting determines whether Oracle ASDK is used for user action confirmation, ESM Login, and EOSU Login.

    • If this checkbox is checked, Oracle ASDK is used for action confirmation, ESM Login, and EOSU Login when Argus Safety is configured for Single Sign-On.
    • If this checkbox is not checked, LDAP server information is used from Argus Safety database for user action confirmation, ESM Login and EOSU Login.
  2. A new textbox called Oracle Access Server Login URL has been added under the Use Oracle Access Server SDK for LDAP Validation checkbox.

    This is the base URL that is passed to Oracle ASDK for user validation against Oracle Access Manager.

  3. A new textbox called Short Org ID HTTP Header has been added under the Use Oracle Access Server SDK for LDAP Validation checkbox.

    This is the HTTP header variable from which the short org ID is retrieved; the short org ID is passed with the ASDK Login URL.

  4. If the Use Oracle Access Server SDK for LDAP Validation checkbox is checked, the application ignores any LDAP configuration present in the Oracle Argus Safety database and you cannot select LDAP Server Alias for any user from the user configuration screen (Access Management > Argus > Users) in the Argus Console.

The following table lists dialog boxes in the Oracle Argus Application that require passwords. In such cases, the system Single Sign-On feature redirects the password to Oracle Argus for validation. When single sign-on is enabled, the system locks the user account if the user enters an incorrect password three consecutive times. You must then unlock the account to enable the user to log in to the application.

Function                            Section                                 Procedure
----------------------------------  --------------------------------------  ------------------------------------
Case Locking                        Activities|Lock                         Locking a case
Case Unlocking                      Activities|Lock                         Unlocking a case
Case Closing                        Activities|Close                        Closing a case
Case Unclosing                      Activities|Close                        Unclosing a case
Case Unblinding                     General|Blinding Status                 Breaking a blind
E2B Incoming Accept                 Reports|Incoming E2B Reports            Accepting E2B Reports
E2B Incoming Reject                 Reports|Incoming E2B Reports            Rejecting E2B Reports
E2B Incoming Follow-up Accept       Reports|Incoming E2B Reports            Accepting E2B Follow-up Reports
E2B Incoming Follow-up Reject       Reports|Incoming E2B Reports            Rejecting E2B Follow-up Reports
E2B Incoming Nullification Accept   E2B Incoming Nullification Accept       Accepting E2B Nullification Reports
E2B Incoming Nullification Reject   E2B Incoming Nullification Reject       Rejecting E2B Nullification Reports
LAM Incoming                        Local Affiliate Incoming Review         Accepting an Affiliate Event
Workflow Routing                    Workflow Routing on Password on Route   Workflow Routing on Password on Route

Oracle Access Server SDK Support for LDAP Validation in a Single Sign-On Environment

Oracle Argus Safety has been enhanced to support action confirmation (user id/password) using Oracle Access Server SDK.

If customers do not want to store the LDAP information in the Argus database for a single sign-on environment, this new feature of Argus Safety can be used to validate a user's actions through ASDK.

This feature is available only while using Oracle Access Manager as the Single Sign-On tool.

The Oracle Argus Safety web dialogs that require action confirmation for the following actions have been enhanced to validate the user through Oracle ASDK:

  • Case Lock/Unlock
  • Case Routing
  • Case Delete/Undelete
  • Case Archiving
  • LAM Routing
  • Study Unblinding
  • ESM Login
  • EOSU Login

There is no change in the user experience while performing actions which require password validation for a logged-in user.

The following modules launched in the Oracle Argus application continue to use the Single Sign-On feature:

  • Oracle Argus Insight
  • Oracle Argus Affiliate
  • Oracle Argus Safety Japan

The following modules do not use the Single Sign-On feature:

  • End of Study Unblinding
  • Oracle Argus Safety Services
  • Oracle Argus Interchange Services (ESM)
  • Oracle Argus Interchange Mapping (ESM Mapping Utility)

Configuring Single Sign-On re-authentication

Before you can configure Single Sign-On re-authentication, make sure that the Service Provider IDM (for example, Oracle Access Manager) supports Re-Authenticate URL and sets the last re-authentication header every time a user is re-authenticated.

To configure re-authentication, use the following common profile switches under Console > System Management > Single Sign-On:

  1. The Enable Re-Authentication checkbox (selectable only when the Enable Single Sign-On checkbox is checked), which enables Single Sign-On re-authentication. You can edit the re-authentication fields only if this checkbox is checked.
  2. The Re-Authentication URL text field, where you enter the re-authentication URL of the corporate LDAP system. The URL must be in the following format: <protocol>://<hostname>:<port>/oamreauthenticate?redirect_url= (for example, https://acme.idm.com:8787/oamreauthenticate?redirect_url=).
  3. The Re-Authentication HTTP Header text field, which is populated by default. The default setting is OAM_LAST_RE-AUTHENTICATION_TIME.
  4. The Re-Authentication HTTP Header Date Time Format text field, which is populated by default. The default setting is Dy Mon dd hh24:mi:ss TZD yyyy.
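Added example (not Oracle's code and not part of the original page): a Python check that validates a Re-Authentication URL against the format in step 2 and parses the default header value from steps 3 and 4, failing closed on anything it cannot interpret. The function names, the https-only rule, the five-minute freshness window, and the zone-abbreviation table are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Assumption: offsets for the zone abbreviations this deployment's IdP emits.
# Abbreviations are ambiguous, so anything not listed here is rejected.
TZD_OFFSETS = {"UTC": 0, "GMT": 0, "EST": -5, "EDT": -4, "PST": -8, "PDT": -7}
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# Default format from the page: Dy Mon dd hh24:mi:ss TZD yyyy
HEADER_RE = re.compile(
    r"^[A-Z][a-z]{2} ([A-Z][a-z]{2}) (\d{2}) (\d{2}):(\d{2}):(\d{2}) ([A-Z]{3,4}) (\d{4})$")
MAX_AGE = timedelta(minutes=5)            # assumption: site policy, not from the page
SAMPLE = "Tue Mar 05 14:07:33 PST 2024"   # constructed sample header value

def reauth_url_ok(url):
    """Match <protocol>://<hostname>:<port>/oamreauthenticate?redirect_url="""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:                    # malformed host or port
        return False
    # Assumption: https only, which is stricter than the page's <protocol>.
    return (parts.scheme == "https" and bool(parts.hostname)
            and port is not None and parts.path == "/oamreauthenticate"
            and parts.query == "redirect_url=" and not parts.fragment)

def parse_last_reauth(value):
    """Return an aware UTC datetime, or None if the header is unusable."""
    m = HEADER_RE.match(value or "")
    if not m:
        return None
    mon, dd, hh, mi, ss, tzd, yyyy = m.groups()
    if mon not in MONTHS or tzd not in TZD_OFFSETS:
        return None
    try:
        local = datetime(int(yyyy), MONTHS[mon], int(dd), int(hh), int(mi), int(ss),
                         tzinfo=timezone(timedelta(hours=TZD_OFFSETS[tzd])))
    except ValueError:                    # e.g. day 31 in a 30-day month
        return None
    return local.astimezone(timezone.utc)

def reauth_is_fresh(headers, now, name="OAM_LAST_RE-AUTHENTICATION_TIME"):
    """Fail closed: missing, malformed, future or stale values return False."""
    stamp = parse_last_reauth(headers.get(name))
    if stamp is None:
        return False
    return timedelta(0) <= now - stamp <= MAX_AGE
```

A header-based check like this is only meaningful when requests can reach the application solely through the access gateway that sets the header.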

If re-authentication is enabled, user association with LDAP is not required, and you can configure Argus Safety users without providing LDAP details.

Single Sign-On re-authentication has the following impact on the LDAP settings at the user configuration level, which you can access under Console > Access Management > Argus > Users:

  1. The Enable LDAP Login checkbox is available if either LDAP is enabled at the system level (under Argus Console > System Configuration > System Management > Security > LDAP node), or Single Sign-On re-authentication is enabled. If neither is enabled, then the checkbox is disabled.
  2. The LDAP Server Alias drop-down list is disabled and blank when the Enable Re-Authentication checkbox is checked.
  3. If both re-authentication and LDAP are configured, then priority is given to re-authentication.