Configure Oracle Access Management as an Identity Provider

Configure Oracle Access Management (OAM) as an Identity Provider (IdP) in Oracle Identity Cloud Service to provide seamless SSO for your cloud application users. Users of your Oracle Identity Cloud Service protected cloud applications will be able to authenticate using their on-premises OAM credentials.

Creating a SAML 2.0 federation agreement involves exchanging metadata files to aid in configuring the IdP in Oracle Identity Cloud Service and the service provider in OAM. You then test the connection and add the IdP to the default identity provider policy.

After creating the federation agreement, you test the integration and mark users as federated.

Export SAML 2.0 Metadata from OAM

Export the SAML 2.0 Metadata from OAM. This metadata will later be used to add the IdP in Oracle Identity Cloud Service.

  1. In the OAM console, navigate to Configuration > Settings > View > Federation.
  2. Click Export SAML 2.0 Metadata and save the idp_metadata.xml file.
    You will use this file to register OAM as an IdP in Oracle Identity Cloud Service. Alternatively, you can access the OAM metadata file directly: https://oamhost:port/oamfed/idp/metadata.
  3. Save the idp_metadata.xml file.

Add an Identity Provider in Oracle Identity Cloud Service

Add an identity provider in Oracle Identity Cloud Service using the metadata file you exported from OAM. These steps assume you are using email address for the unique user attribute.

  1. In the Identity Cloud Service console, expand Navigation Drawer, expand Security and then click Identity Providers.
  2. Click Add SAML IDP.
  3. Enter a Name and Description for the identity provider and click Next.
    Use a name and description that can be easily identified by the users of the IdP authentication. You can optionally upload an icon that represents the OAM IdP.
  4. Select Import Identity Provider metadata.
  5. Click Upload, select the metadata file, idp_metadata.xml, you obtained from OAM and then click Open.
  6. Accept the default signature hashing algorithm and then click Next.
  7. Accept the default value of Name ID for Identity Provider User Attribute.
  8. Select Primary Email Address as Oracle Identity Cloud Service User Attribute.
  9. Select Email Address as Requested NameID Format, and then click Next.
    On the Map Attributes page you define the user attribute mapping between OAM, as the identity provider, and Oracle Identity Cloud Service.
  10. In the Service Provider Metadata field, click Download. Save the Metadata.xml file.
  11. Click Next.
  12. Click Finish.
You will test this IdP after configuring the service provider in OAM.

Register Oracle Identity Cloud Service as a Trusted Relying Party

Add a new service provider partner in Oracle Access Management (OAM) to make Oracle Identity Cloud Service a trusted relying party.

  1. In the OAM console, navigate to Federation > Identity Provider Management.
  2. In the Identity Provider Administration window, click Create Service Provider Partner.
  3. Enter a meaningful Name for the service provider partner (for example, Oracle Identity Cloud Service).
  4. Click Browse and open the Metadata.xml file that you saved from Oracle Identity Cloud Service.
  5. For NameID Value select User ID Store Attribute and then enter your unique attribute, such as mail, for the attribute value.
    The user's unique attribute will be used to map the OAM user to the corresponding user in Oracle Identity Cloud Service.
  6. Click Save.

Test the Identity Provider Connection

Test the SAML IdP configuration in Oracle Identity Cloud Service.

  1. Log in to the Oracle Identity Cloud Service console as an administrator.
  2. Expand Navigation Drawer, click Security and then click Identity Providers.
  3. Select Test from the drop-down menu for the OAM identity provider you created.
  4. Log in as a valid OAM user in the login window. This user must have a corresponding user with a matching unique attribute in Oracle Identity Cloud Service.
    If the test is successful, you will receive the message "Your connection is successful."
  5. Close the new window with the test results message.

Enable the Identity Provider

Enable the OAM Identity Provider in Oracle Identity Cloud Service.

  1. Log in to the Oracle Identity Cloud Service console as an administrator.
  2. In the Identity Providers page, select Activate from the drop-down menu for the OAM identity provider you created.
  3. Click Activate to confirm.
  4. If the Show on Login Page icon is not shown, select Show on Login Page from the drop-down menu for the OAM identity provider.
  5. Click Show to confirm.

Add the Identity Provider to the Default Identity Provider Policy

Add the identity provider to the default identity provider policy in Oracle Identity Cloud Service.

  1. In the Oracle Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click IDP Policies.
  2. Click the Default Identity Provider Policy.
  3. Select the Identity Providers tab and then click Assign to add the new identity provider to this policy.
  4. In the Assign Identity Providers dialog, select the identity provider that you want to assign, and then click OK.
    The identity provider is displayed in the Default Identity Provider Policy page.