Test the Federated Environment

Test the federation agreement by logging in to Oracle Identity Cloud Service using OAM credentials.

After a successful test, you can mark users as federated. You can also troubleshoot a failed test if necessary.

Test the Integration

Test the IdP configuration in the Oracle Identity Cloud Service console.

  1. Restart your browser and access the Oracle Identity Cloud Service console.
    The login page displays a new option to log in using the OAM IdP.
  2. Click the link to Sign In with Identity Provider. The OAM login page is displayed.
  3. Sign in with a user that exists in both the OAM identity store and Oracle Identity Cloud Service.
  4. The My Apps page for the logged-in user is displayed.
  5. On the top-right corner, click the user logo and select My Profile.
    The Oracle Identity Cloud Service home page is displayed.

Mark Users as Federated

Mark the test user as federated in Oracle Identity Cloud Service.

Users who use OAM to log in to Oracle Identity Cloud Service should be flagged as federated. Federated users cannot change their passwords in Oracle Identity Cloud Service. These users will use OAM facilities for password changes.

  1. Log in to the Oracle Identity Cloud Service console as an administrator.
  2. Click Users in the Dashboard or expand the Navigation Drawer and click Users.
  3. Search for the user that you used for testing the OAM IdP login.
  4. Select the user and set Federated to Yes.
  5. Click Update User.
  6. Log out of the console and log in as the test user.
  7. Note that on the My Profile page, you are not able to change the user's password.
    You can automatically mark users as federated with the Enable Federated Authentication setting in the identity bridge.
    The OAM Identity Provider integration is enabled and fully functional.

Troubleshoot the Integration

Troubleshoot the identity provider configuration in OAM and the Oracle Identity Cloud Service.

  1. If the Connection Failed error message is displayed, click Show Assertion Details, and check the SAML error message (XML format).
  2. Look for the messages between the <samlp:Status> and </samlp:Status> tags.
  3. Check the OAM server logs under $DOMAIN_HOME/servers/oam_server1/logs. The log file names are oam_server1.out and oam_server1-diagnostic.log.
  4. Check your configuration by reviewing the previous steps in this solution.
  5. Repeat the test, using a network tracing tool such as the Google Chrome browser Developer Tools, the SAML-tracer extension for Firefox, or Wireshark.
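
The status check in steps 1 and 2 can be scripted. The following is an added example, not Oracle's code: it extracts the status codes and message from the <samlp:Status> element of a SAML 2.0 response, and goes slightly beyond the steps above by also decoding the base64 SAMLResponse form field as it appears in a browser trace. The function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample of a failed SAML 2.0 response (not captured from a real system).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>
    </samlp:StatusCode>
    <samlp:StatusMessage>Constructed example message</samlp:StatusMessage>
  </samlp:Status>
</samlp:Response>"""


def parse_saml_status(xml_text):
    """Return the top-level code, nested sub-codes and message from <samlp:Status>."""
    # Refuse DTDs: a SAML message never needs one, and entity tricks rely on them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD found in SAML message; refusing to parse")
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status", NS)
    if status is None:
        raise ValueError("no <samlp:Status> element in message")
    codes = []
    node = status.find("samlp:StatusCode", NS)
    while node is not None:  # sub-codes are nested inside the parent StatusCode
        codes.append(node.get("Value", "").rsplit(":", 1)[-1])
        node = node.find("samlp:StatusCode", NS)
    msg = status.findtext("samlp:StatusMessage", default="", namespaces=NS).strip()
    return {"success": codes[:1] == ["Success"], "codes": codes, "message": msg}


def parse_post_binding(saml_response_b64):
    """Decode the base64 SAMLResponse form field (HTTP POST binding) and parse it."""
    return parse_saml_status(base64.b64decode(saml_response_b64).decode("utf-8"))


if __name__ == "__main__":
    print(parse_saml_status(SAMPLE_RESPONSE))
```

The first entry in codes is the top-level status and any following entries are its nested sub-codes, which usually narrow down which side of the federation rejected the request.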