REST API for Federation Management in Oracle Access Manager

Configure SSO Service

post

/oam/services/rest/11.1.2.0.0/fed/admin/sso

The REST endpoint POST request is used to configure the SSO service. This API is used for wiring with Fusion Applications and it configures the FAAuthScheme.

For Fusion Applications, IdP is configured at global level to:

Enable SAML 2.0 only.
Enable SSO POST, SSO Artifact, SLO Redirect profiles only.
NameID:
- Email Address with mail as the attribute of the user.
- Unspecified with uid as the attribute of the user (default).
One set of keys/certificates for SAML operations.

OAM/Fed will be able to have specific SP Partner configuration:

SSO binding to be used.
NameID format and value to be used.
Extra attributes to be sent
- NameID value sent as an attribute: SP Partner will indicate the SAML Attribute name, and whether to send user's ID or email address.
- Static attribute value used by the SP during Assertion mapping operations: SP Partner will indicate the SAML Attribute name and its value.

Request

Supported Media Types

application/json
application/xml
text/xml

These parameters can be used for configuring SSO service

Root Schema : ConfigureSSOInput

Type: object

These parameters can be used to configure SSO service.

Show Source

idpLabelLoginPage(required): string

the label that will be used on the button to start Federation SSO on the Chooser Login page, when the customer uses disjoint population, where some must do Federation SSO and others must do local login for authentication (ONLY FOR OIF)
idpProviderID(required): string

provider ID for the IDP Partner
oamAdminHost(required): string

the hostname where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF)
oamAdminPassword(required): string

the password for the WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF)
oamAdminPort(required): string

the port where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF)
oamAdminUser(required): string

the WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF)
oamLogoutDoneURL(required): string

the URL where the user should be redirected after the logout is done (ONLY FOR OIF)
preverify(required): string

boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the Federation service is correctly configured before the changes are performed in a subsequent call.
spTenantName(required): string

the customers' tenant name in the targeted service
ssoChooser(required): string

indicates whether or not SSO should be enabled, true or false (ONLY FOR OIF)
ssoFederation(required): string

indicates whether or not SSO should be enabled

{
    "description":"These parameters can be used to configure SSO service.",
    "type":"object",
    "required":[
        "spTenantName",
        "idpProviderID",
        "preverify",
        "ssoFederation",
        "ssoChooser",
        "oamAdminUser",
        "oamAdminPassword",
        "oamAdminHost",
        "oamAdminPort",
        "oamLogoutDoneURL",
        "idpLabelLoginPage"
    ],
    "properties":{
        "spTenantName":{
            "type":"string",
            "description":"the customers' tenant name in the targeted service"
        },
        "idpProviderID":{
            "type":"string",
            "description":"provider ID for the IDP Partner"
        },
        "preverify":{
            "type":"string",
            "description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the Federation service is correctly configured before the changes are performed in a subsequent call."
        },
        "ssoFederation":{
            "type":"string",
            "description":"indicates whether or not SSO should be enabled"
        },
        "ssoChooser":{
            "type":"string",
            "description":"indicates whether or not SSO should be enabled, true or false (ONLY FOR OIF)"
        },
        "oamAdminUser":{
            "type":"string",
            "description":"the WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF)"
        },
        "oamAdminPassword":{
            "type":"string",
            "description":"the password for the WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF)"
        },
        "oamAdminHost":{
            "type":"string",
            "description":"the hostname where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF)"
        },
        "oamAdminPort":{
            "type":"string",
            "description":"the port where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF)"
        },
        "oamLogoutDoneURL":{
            "type":"string",
            "description":"the URL where the user should be redirected after the logout is done (ONLY FOR OIF)"
        },
        "idpLabelLoginPage":{
            "type":"string",
            "description":"the label that will be used on the button to start Federation SSO on the Chooser Login page, when the customer uses disjoint population, where some must do Federation SSO and others must do local login for authentication (ONLY FOR OIF)"
        }
    },
    "xml":{
        "name":"ConfigureSSOInput"
    }
}

Response

Supported Media Types

application/json

200 Response

Root Schema : statusResponse

Type: object

Status Response

Show Source

status: integer(int32)

Status Code: 1 for success and 0 for failure
statusMessage: string

Status Message

{
    "description":"Status Response",
    "properties":{
        "status":{
            "type":"integer",
            "format":"int32",
            "description":"Status Code: 1 for success and 0 for failure"
        },
        "statusMessage":{
            "type":"string",
            "description":"Status Message"
        }
    }
}

400 Response

Bad Request.

500 Response

INTERNAL SERVER ERROR.