14.2 Configuring IDCS as an Identity Provider

When you configure IDCS as an identity provider, keep in mind that values in IDCS (application names, entity IDs, attribute names, and so on) are case-sensitive, so enter them exactly as they are used on the WebLogic Server side.

To configure IDCS as an identity provider:
  1. Log in to the IDCS Admin Console.
  2. Go to Applications and click Add.
  3. On the Add Application page, choose SAML Application.
  4. On the App Details page, enter the following:
     Name: a meaningful name for the application, such as Federation Sites Application.
     Description: a meaningful description, such as Sample application to showcase WLS Virtual Users/Groups.
     Application URL: the application URL, in this format: https://<wsites-host>:<wsites-port>/sites
  5. Click Next to go to the next page.
  6. In the General section, enter the following:
     Entity ID: the entity ID, such as s22.
     Assertion Consumer URL: the URL in this format: https://<wsites-host>:<wsites-port>/saml2/sp/acs/post
     NameID Format: select Unspecified from the drop-down list.
     NameID Value: select User Name from the drop-down list.
  7. In the Advanced Settings section, enter or select the following:
     Signed SSO: select Assertion from the drop-down list.
     Include Signing Certificate in Signature: select the check box.
     Signature Hashing Algorithm: select SHA-256 from the drop-down list.
     Enable Single Logout: select the check box.
     Logout Binding: select POST from the drop-down list.
     Single Logout URL: the URL in this format: https://<wsites-host>:<wsites-port>/sites/logout
     Logout Response URL: the URL in this format: https://<wsites-host>:<wsites-port>/sites
  8. In the Group Attributes section, enter or select the following:
     Name: a suitable name, such as Groups.
     Format: you must select Basic from the drop-down list so that the SAML Identity Asserter can pick up the group attributes when the SAML assertion is posted back to WebLogic Server.
     Condition: you must select All Groups from the drop-down list, for the same reason.
  9. In the Attribute Configuration section, enter the same values as in the Group Attributes section:
     Name: a suitable name, such as Groups.
     Format: Basic (required, as above, for the SAML Identity Asserter to pick up the group attributes).
     Condition: All Groups (required, as above).
  10. Click Finish, and then click Activate Application.
  11. Open the application page, and then go to the SSO Configuration tab.
  12. Click Download IDCS Metadata and save the IDCSMetadata.xml file.
  13. Users must be assigned to the application in the IdP (IDCS) before they can authenticate to it. To assign individual users, open the application page, go to the Users tab, and click Assign Users.
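After the IDCS side is configured, it helps to confirm that the SAML response actually posted to the WebLogic assertion consumer URL carries what the steps above ask for: a signed assertion using RSA-SHA256 with the signing certificate in KeyInfo, an unspecified-format NameID, an audience equal to the entity ID, and a Groups attribute in Basic name format. The script below is an added example for this page, not WebCenter Sites, WebLogic or IDCS code. It parses a captured response (the sample embedded here is constructed, with a placeholder signature and certificate, and uses the placeholder entity ID s22 from step 6) and reports every mismatch against those settings. It is a configuration check only: it does not cryptographically verify the XML signature, which WebLogic's SAML Identity Asserter does when it consumes the assertion.

```python
"""Check a SAML 2.0 Response posted to /saml2/sp/acs/post against the IDCS
settings in this section.  Added example for this page; not part of
WebCenter Sites, WebLogic or IDCS.  The sample response is constructed
(placeholder signature value and certificate) and uses the placeholder
entity ID "s22" from the General section above.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
ATTR_FORMAT_BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed sample: the shape expected when Signed SSO = Assertion, the
# signing certificate is included, and a "Groups" attribute is sent.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    Destination="https://wsites.example.com:443/saml2/sp/acs/post">
  <saml:Issuer>https://idcs-example.identity.oraclecloud.com/fed</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idcs-example.identity.oraclecloud.com/fed</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      </ds:SignedInfo>
      <ds:SignatureValue>Q29uc3RydWN0ZWQ=</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC-placeholder-not-a-real-certificate</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jsmith</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>s22</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="Groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue>SitesAdmins</saml:AttributeValue>
        <saml:AttributeValue>Editors</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def summarize(response_xml):
    """Extract the fields the WebLogic SAML Identity Asserter depends on."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml:Assertion in response")
    sig = assertion.find("ds:Signature", NS)  # Signed SSO = Assertion puts it here
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS) if sig is not None else None
    cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) if sig is not None else None
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    audience = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = (attr.get("NameFormat"), values)
    return {
        "assertion_signed": sig is not None,
        "signature_alg": method.get("Algorithm") if method is not None else None,
        "cert_included": cert is not None and bool((cert.text or "").strip()),
        "nameid_format": name_id.get("Format") if name_id is not None else None,
        "nameid": name_id.text if name_id is not None else None,
        "audience": audience.text if audience is not None else None,
        "attributes": attrs,
    }


def check(summary, entity_id, group_attr="Groups"):
    """Return the mismatches against this section's settings (empty list = OK)."""
    problems = []
    if not summary["assertion_signed"]:
        problems.append("assertion is not signed (Signed SSO must be Assertion)")
    elif summary["signature_alg"] != RSA_SHA256:
        problems.append(f"signature algorithm is {summary['signature_alg']}, expected RSA-SHA256")
    if not summary["cert_included"]:
        problems.append("no X509Certificate in KeyInfo (Include Signing Certificate in Signature)")
    if summary["nameid_format"] != NAMEID_UNSPECIFIED:
        problems.append(f"NameID format is {summary['nameid_format']}, expected unspecified")
    # IDCS values are case-sensitive: compare exactly, never case-folded.
    if summary["audience"] != entity_id:
        problems.append(f"audience {summary['audience']!r} != entity ID {entity_id!r}")
    attr = summary["attributes"].get(group_attr)
    if attr is None:
        problems.append(f"attribute {group_attr!r} missing (attribute names are case-sensitive)")
    elif attr[0] != ATTR_FORMAT_BASIC:
        problems.append(f"attribute {group_attr!r} NameFormat is {attr[0]}, expected Basic")
    return problems


if __name__ == "__main__":
    for line in check(summarize(SAMPLE_RESPONSE), "s22") or ["OK: response matches the IDCS settings"]:
        print(line)
```

Feed it a real response captured with a browser SAML tracer (the base64-decoded SAMLResponse form field) and the entity ID you entered in step 6. A lowercase "groups" attribute, an SHA-1 signature, or an entity ID typed with different case on the two sides each show up as a separate line, which is usually faster than reading the WebLogic SAML debug log.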