Configuring Single Sign-On
A common profile switch determines whether the system uses the Single Sign-On function. The Enable Single Sign-On checkbox enables you to configure the system to use the single sign-on feature.
Before enabling the single sign-on feature, you must enter the Single Sign-On HTTP Header element that the Argus application uses for authentication. This field can contain a maximum of 40 characters.
The following new entries, which are common across all enterprises, have been added in Argus Console > System Management (Common Profile Switches) > Single Sign-On:
- A checkbox called Enable IAMS Integration has been introduced. IAMS is an Oracle suite of products used for Identity and Access Management, mainly for Oracle Argus Cloud releases. Enabling this switch allows the application to integrate with IAMS.
- A checkbox called Use Oracle Access Server SDK for LDAP Validation, under the Single Sign-On tree, becomes available for selection only when Enable Single Sign-On is checked. This configuration identifies whether Oracle ASDK is used for user action confirmation, ESM Login, and EOSU Login functionality.
  - If this checkbox is checked, Oracle ASDK is used for action confirmation, ESM Login, and EOSU Login when Argus Safety is configured for Single Sign-On.
  - If this checkbox is not checked, LDAP server information from the Argus Safety database is used for user action confirmation, ESM Login, and EOSU Login.
- A new textbox called Oracle Access Server Login URL has been added under the Use Oracle Access Server SDK for LDAP Validation checkbox. This is the base URL that is passed to Oracle ASDK for user validation against Oracle Access Manager.
- A new textbox called Short Org ID HTTP Header has been added under the Use Oracle Access Server SDK for LDAP Validation checkbox. This is an HTTP Header variable for retrieving the short org ID, which is passed with the ASDK Login URL.
- If the Use Oracle Access Server SDK for LDAP Validation checkbox is checked, the application ignores any LDAP configuration present in the Oracle Argus Safety database, and you cannot select LDAP Server Alias for any user from the user configuration screen (Access Management > Argus > Users) in the Argus Console.
The following table lists dialog boxes in the Oracle Argus Application that require passwords. In such cases, the system Single Sign-On feature redirects the password to Oracle Argus for validation. When single sign-on is enabled, the system locks the user account if the user enters an incorrect password three consecutive times. You must then unlock the account to enable the user to log in to the application.
Function | Section | Procedure |
---|---|---|
Case Locking | Activities\|Lock | Locking a case |
Case Unlocking | Activities\|Lock | Unlocking a case |
Case Closing | Activities\|Close | Closing a case |
Case Unclosing | Activities\|Close | Unclosing a case |
Case Unblinding | General\|Blinding Status | Breaking a blind |
E2B Incoming Accept | Reports\|Incoming E2B Reports | Accepting E2B Reports |
E2B Incoming Reject | Reports\|Incoming E2B Reports | Rejecting E2B Reports |
E2B Incoming Follow-up Accept | Reports\|Incoming E2B Reports | Accepting E2B Follow-up Reports |
E2B Incoming Follow-up Reject | Reports\|Incoming E2B Reports | Rejecting E2B Follow-up Reports |
E2B Incoming Nullification Accept | E2B Incoming Nullification Accept | Accepting E2B Nullification Reports |
E2B Incoming Nullification Reject | E2B Incoming Nullification Reject | Rejecting E2B Nullification Reports |
LAM Incoming | Local Affiliate Incoming Review | Accepting an Affiliate Event |
Workflow Routing | Workflow Routing on Password on Route | Workflow Routing on Password on Route |
Oracle Access Server SDK Support for LDAP Validation in a Single Sign-On Environment
Oracle Argus Safety has been enhanced to support action confirmation (user id/password) using Oracle Access Server SDK.
If customers do not want to store the LDAP information in the Argus database for a single sign-on environment, this new feature of Argus Safety can be used to validate a user's actions through ASDK.
This feature is available only while using Oracle Access Manager as the Single Sign-On tool.
The following Oracle Argus Safety web dialogs, which require action confirmation before the respective action is performed, have been enhanced to validate the user through Oracle ASDK:
- Case Lock/Unlock
- Case Routing
- Case Delete/Undelete
- Case Archiving
- LAM Routing
- Study Unblinding
- ESM Login
- EOSU Login
There is no change in the user experience while performing actions which require password validation for a logged-in user.
The following modules launched in the Oracle Argus application continue to use the Single Sign-On feature:
- Oracle Argus Insight
- Oracle Argus Affiliate
- Oracle Argus Safety Japan
The following modules do not use the Single Sign-On feature:
- End of Study Unblinding
- Oracle Argus Safety Services
- Oracle Argus Interchange Services (ESM)
- Oracle Argus Interchange Mapping (ESM Mapping Utility)
Configuring Single Sign-On re-authentication
Before you can configure Single Sign-On re-authentication, make sure that the Service Provider IDM (for example, Oracle Access Manager) supports Re-Authenticate URL and sets the last re-authentication header every time a user is re-authenticated.
To configure re-authentication, use the following common profile switches under Console > System Management > Single Sign-On:
- The Enable Re-Authentication checkbox (selectable only when the Enable Single Sign-On checkbox is checked), which enables Single Sign-On re-authentication. You can edit the re-authentication fields only if this checkbox is checked.
- The Re-Authentication URL text field, where you enter the re-authentication URL of the corporate LDAP system. The URL must be in the following format: <protocol>://<hostname>:<port>/oamreauthenticate?redirect_url= (for example, https://acme.idm.com:8787/oamreauthenticate?redirect_url=).
- The Re-Authentication HTTP Header text field, which is populated by default. The default setting is OAM_LAST_RE-AUTHENTICATION_TIME.
- The Re-Authentication HTTP Header Date Time Format text field, which is populated by default. The default setting is Dy Mon dd hh24:mi:ss TZD yyyy.
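The values described above can be checked before they are entered in the Console and when testing what the IDM actually sends. The following Python is an added example, not Oracle code: the function names, the TZD abbreviation table, the insistence on https, and the five-minute freshness window are assumptions, and the page does not state how Argus itself evaluates the header.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Assumed TZD abbreviations (constructed); extend to match what your IDM emits.
TZD_HOURS = {"UTC": 0, "GMT": 0, "EST": -5, "EDT": -4, "PST": -8, "PDT": -7}
# Dy Mon dd hh24:mi:ss TZD yyyy, e.g. "Tue Mar 05 14:30:12 UTC 2024" (constructed)
HEADER_RE = re.compile(r"^(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}) ([A-Z]{2,5}) (\d{4})$")


def check_reauth_url(url):
    """Return the problems found in a Re-Authentication URL value."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":  # assumption: stricter than the page's <protocol>
        problems.append("protocol is not https")
    try:
        if not parts.hostname or parts.port is None:
            problems.append("hostname or port missing")
    except ValueError:
        problems.append("port is not a valid number")
    if parts.path != "/oamreauthenticate" or parts.query != "redirect_url=":
        problems.append("must end with /oamreauthenticate?redirect_url=")
    return problems


def parse_reauth_time(value):
    """Parse a header value in the default format; None if malformed."""
    value = value.strip()
    m = HEADER_RE.match(value)
    if not m or m.group(2) not in TZD_HOURS:
        return None  # fail closed on unknown zone abbreviations
    try:
        # %a and %b assume English day/month names (C locale).
        ts = datetime.strptime(f"{m.group(1)} {m.group(3)}", "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    if ts.strftime("%a") != value[:3]:  # weekday must agree with the date
        return None
    return ts.replace(tzinfo=timezone(timedelta(hours=TZD_HOURS[m.group(2)])))


def reauth_is_fresh(value, now, max_age=timedelta(minutes=5)):
    """True only if the header parses and is at most max_age older than now."""
    ts = parse_reauth_time(value)
    return ts is not None and timedelta(0) <= now - ts <= max_age
```

A header value that is malformed, carries an unrecognised zone, or lies in the future is treated as not re-authenticated.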
If re-authentication is enabled, user association with LDAP is not required, and you can configure Argus Safety users without providing LDAP details.
Single Sign-On re-authentication has the following impact on the LDAP settings at the user configuration level, which you can access under Console > Access Management > Argus > Users:
- The Enable LDAP Login checkbox is available if either LDAP is enabled at the system level (under the Argus Console > System Configuration > System Management > Security > LDAP node), or Single Sign-On re-authentication is enabled. If neither is enabled, then the checkbox is disabled.
- The LDAP Server Alias drop-down list is disabled and blank when the Enable Re-Authentication checkbox is checked.
- If both re-authentication and LDAP are configured, then priority is given to re-authentication.