Configure SSO Service
POST /oam/services/rest/11.1.2.0.0/fed/admin/sso
This POST request configures the SSO service. The API is used for wiring with Fusion Applications, and it configures the FAAuthScheme.
For Fusion Applications, IdP is configured at global level to:
- Enable SAML 2.0 only.
- Enable SSO POST, SSO Artifact, SLO Redirect profiles only.
- NameID:
  - Email Address with mail as the attribute of the user.
  - Unspecified with uid as the attribute of the user (default).
- One set of keys/certificates for SAML operations.
OAM/Fed will be able to have specific SP Partner configuration:
- SSO binding to be used.
- NameID format and value to be used.
- Extra attributes to be sent:
  - NameID value sent as an attribute: SP Partner will indicate the SAML Attribute name, and whether to send user's ID or email address.
  - Static attribute value used by the SP during Assertion mapping operations: SP Partner will indicate the SAML Attribute name and its value.
Request
Supported Media Types
- application/json
- application/xml
- text/xml
These parameters can be used for configuring SSO service
Root Schema : ConfigureSSOInput
Type: object
These parameters can be used to configure SSO service.
- idpLabelLoginPage (string): The label that will be used on the button to start Federation SSO on the Chooser Login page, when the customer uses disjoint population, where some must do Federation SSO and others must do local login for authentication (ONLY FOR OIF).
- idpProviderID (string): Provider ID for the IDP Partner.
- oamAdminHost (string): The hostname where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF).
- oamAdminPassword (string): The password for the WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF).
- oamAdminPort (string): The port where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF).
- oamAdminUser (string): The WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF).
- oamLogoutDoneURL (string): The URL where the user should be redirected after the logout is done (ONLY FOR OIF).
- preverify (string): Boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the Federation service is correctly configured before the changes are performed in a subsequent call.
- spTenantName (string): The customers' tenant name in the targeted service.
- ssoChooser (string): Indicates whether or not SSO should be enabled, true or false (ONLY FOR OIF).
- ssoFederation (string): Indicates whether or not SSO should be enabled.
Response
Supported Media Types
- application/json
200 Response
OK
Status Response
Root Schema : statusResponse
Type: object
Status Response
- status (integer(int32)): Status Code: 1 for success and 0 for failure.
- statusMessage (string): Status Message.
400 Response
Bad Request.
500 Response
INTERNAL SERVER ERROR.
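The following client-side example is an addition to this page, not Oracle's code. It validates a ConfigureSSOInput body, issues the pre-verification call before the applying call, keeps oamAdminPassword out of logs, and treats status 0 as a failure. Assumptions: `post` and `log` are caller-supplied callables (`post` handles TLS and authentication, which this page does not specify), ssoFederation takes the strings "true"/"false", and the applying call sends preverify as "false".

```python
import json

SSO_PATH = "/oam/services/rest/11.1.2.0.0/fed/admin/sso"  # endpoint from this page
# Field names of ConfigureSSOInput as listed on this page; every field is typed string.
FIELDS = {"idpLabelLoginPage", "idpProviderID", "oamAdminHost", "oamAdminPassword",
          "oamAdminPort", "oamAdminUser", "oamLogoutDoneURL", "preverify",
          "spTenantName", "ssoChooser", "ssoFederation"}
# Assumption: all three flags are carried as the strings "true"/"false".
BOOL_FIELDS = {"preverify", "ssoChooser", "ssoFederation"}
SECRET_FIELDS = {"oamAdminPassword"}


def build_payload(**params):
    """Reject undocumented fields and malformed values before anything is sent."""
    unknown = set(params) - FIELDS
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    for name in BOOL_FIELDS & set(params):
        if params[name] not in ("true", "false"):
            raise ValueError(f"{name} must be the string 'true' or 'false'")
    port = params.get("oamAdminPort")
    if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("oamAdminPort must be a port number given as a string")
    return dict(params)


def redact(payload):
    """Copy of the payload that is safe to write to logs."""
    return {k: ("***" if k in SECRET_FIELDS else v) for k, v in payload.items()}


def check_status(body):
    """statusResponse: status 1 means success, 0 means failure (per this page)."""
    doc = json.loads(body)
    if doc.get("status") != 1:
        raise RuntimeError(f"SSO configuration failed: {doc.get('statusMessage')}")
    return doc.get("statusMessage")


def configure_sso(post, log, **params):
    """Pre-verify, then apply; a failed pre-verification raises before the apply call."""
    results = []
    for preverify in ("true", "false"):
        payload = build_payload(**params, preverify=preverify)
        log(f"POST {SSO_PATH} {json.dumps(redact(payload), sort_keys=True)}")
        results.append(check_status(post(SSO_PATH, json.dumps(payload))))
    return results
```

Do not pass `preverify` yourself; `configure_sso` sets it for each of the two calls.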