REST API for Federation Management in Oracle Access Manager

Orchestrator Service

post

/oam/services/rest/11.1.2.0.0/fed/admin/orchestratorservice

The REST endpoint service request is used to create trusted IDP Partner using FORM data.

Request

Supported Media Types

multipart/form-data

Form Parameters

assertionConsumerURL: string

the SP SAML 2.0 Assertion Consumer service URL where the user will be redirected by the IdP with a SAML 2.0 Assertion
attributeLDAP: string

indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
attributeSAML: string

indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
command: string

command for Orchestration to create trusted SP and IDP Partner the value should be 'setupSPAndIdPTrust')

Allowed Values: [ "setupSPAndIdPTrust", "configureSSO", "configureTestSP" ]
customAttrs: string

indicates a list of optional attributes should be sent (if missing, then the attribute will not be sent)
emailAttrName: string

indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)
faWelcomePage: string

the default relay state to set in that will be used by the SP(optional)
firstNameAttrName: string

indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)
idpEncryptionCert: string

IdP the Base64 encoded X.509 Encryption Certificate used by the IdP to decrypt encrypted SAML messages. This will be sent to the remote SP partner REST service
idpLogoutRequestURL: string

the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML . This will be sent to the remote SP partner REST service
idpLogoutResponseURL: string

the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse. This will be sent to the remote SP partner REST service
idpPartnerName: string

the partner name to be used
idpProviderID: string

the IdP's ProviderID. This will be sent to the remote SP partner REST service succinctID: the SHA-1 hash of the IdP's ProviderID
idpSigningCert: string

the IdP Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions. This will be sent to the remote SP partner REST service
idpadminpassword: string

the password for WLS admin for the IdP server
idpadminuser: string

the WLS admin for the IdP server
idpmetadata: string

the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, metadataURL will be used
idpmetadataurl: string

URL where the IdP metadata can be downloaded
idpresturl: string

the REST URL for the IdP server
idptype: string
the type of IDP to being configured:
- If idptype is onpremise, then the orchestrator will not attempt to connect to REST services on the remote IdP server
- If idptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server
NOTE: If emailaddress, then the NameID value of an Assertion created by the IdP will contain t IdP he user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user ID. This will be sent to the remote SP partner REST service
lastNameAttrName: string

indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)
nameIDFormat: string

the NameID format used during Federation SSO

Allowed Values: [ "emailaddress", "unspecified" ]
oamadminhost: string

the hostname where WLS Admin server is installed
oamadminpassword: string

the password for WLS admin for the SP server
oamadminport: string

the port where WLS Admin server is installed
oamadminuser: string

the WLS admin for the SP server
preverify: string

boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service
spEncryptionCert: string

the Base64 encoded X.509 SP Encryption Certificate used by the SP to decrypt encrypted SAML messages
spLogoutRequestURL: string

the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML
spLogoutResponseURL: string

the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutResponse
spPartnerName: string

the partner name to be used
spProviderID: string

Provider ID of the SP Partner
spSigningCert: string

the Base64 encoded X.509 SP Signing Certificate used by the SP to sign messages
spadminpassword: string

the password for WLS admin for the SP server
spadminuser: string

the WLS admin for the SP server
spmetadata: string

the Base64 encoded metadata of the SP server that will be sent to the IdP. If not specified, spmetadataurl will be used
spmetadataurl: string

URL where the SP metadata can be downloaded
spresturl: string

the REST URL for the SP server
sptype: string
the type of SP being configured
- If sptype is sp_manual, taleo_manual , eloqua_manual or rightnow_manual, then the orchestrator will not attempt to connect to REST services on the remote SP server
- If sptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server
ssoChooser: string

indicates whether or not SSO should be enabled

Allowed Values: [ "true", "false" ]
ssoFederation: string

indicates whether or not SSO should be enabled

Allowed Values: [ "true", "false" ]
ssoMobile: string

Mobile SSO for the SP Partner
ssoProfile: string

the SAML 2.0 SSO profile to use

Allowed Values: [ "artifact", "httppost" ]
ssoSOAPURL: string

the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service
ssoURL: string

the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service
staticAttrName: string

indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required
staticAttrValue: string

indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required
succinctID: string

the SHA-1 hash of the IdP's ProviderID
userNameAttrName: string

indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)

Response

Supported Media Types

application/json

200 Response

Status Response

Root Schema : statusResponse

Type: object

Status Response

Show Source

status: integer(int32)

Status Code: 1 for success and 0 for failure
statusMessage: string

Status Message

{
    "description":"Status Response",
    "properties":{
        "status":{
            "type":"integer",
            "format":"int32",
            "description":"Status Code: 1 for success and 0 for failure"
        },
        "statusMessage":{
            "type":"string",
            "description":"Status Message"
        }
    }
}

400 Response

Bad Request.

500 Response

INTERNAL SERVER ERROR.