Progressing on our journey further in IDCS, this week we focused on the REST API capabilities and also integrated with Planning and Budgeting Cloud Service (PBCS). PBCS leverages SAML2.0 protocol for delegating authentication to IDCS. The test user needs to be created in both the systems, followed by the exchange of metadata files for the Identity and the Service Providers. The only challenge is to identify the correct values nameIdFormat and nameIdUserstoreAttribute when uploading the PBCS metadata file to IDCS. These two values are different for the service providers and in the case of PBCS the values needs to be
i. "nameIdUserstoreAttribute": "emails[work].value",
ii. "nameIdFormat": "saml-emailaddress",
The values for Eloqua were "nameIdUserstoreAttribute": "userName” and "nameIdFormat": "saml-unspecified".
The high level integration steps remain the same.
a) Create users in IDCS.
b) Create users in PBCS.
c) Extract Identity Provider metadata from IDCS and import in PBCS.
d) Extract Service Provider metadata from PBCS and import it into IDCS.
For a quick refresh of the steps a, c and d refer the article here.
The steps to import the identity provider metadata in PBCS is pretty straight forward and can be done by following the below steps.
1. Login to PBCS. Navigate to the users tab followed by SSO Configuration. Under SSO configuration, click on the edit tab to import the IDCS metadata file.
2. Click on save and verify the following values as per the below table.
- Issuer Id : https://yyyy.identity.oraclecloud.com/fed
- SSO Service URL : https://yyyyy.identity.oraclecloud.com/fed/v1/idp/sso
- Global Logout Enabled : Yes
- SAML Logout Request Service Url https://yyyyy.identity.oraclecloud.com/fed/v1/idp/slo
- SAML Logout Response Service Url : https://yyyyy.identity.oraclecloud.com/fed/v1/idp/slo
- SSO Protocol : HTTP POST
- User Identifier : User's Email Address contained in NameID
3. When uploading the Service Provider metadata in IDCS using the REST APIs, just make sure that the input contains the following parameters apart from other standard parameters..
a. "nameIdUserstoreAttribute": "emails[work].value" and
b. "nameIdFormat": "saml-emailaddress"
4. Once done, for testing purposes, use the Company sign-in button and key in your IDCS username/password when you get the IDCS login page. Post authentication, you should be redirected back to the PBCS home-page.
For any issues/questions or to see a quick demo please feel free to reach out to me at akumar@astcorporation.com.
No comments:
Post a Comment