Oracle Identity Cloud Service integrates with Oracle Access Manager, or OAM, to create hybrid solutions that give existing on-premises users access to the cloud. In this video you’ll learn how to integrate Oracle Identity Cloud Service with OAM so that users can log in using federated single sign-on.

In a federated single sign-on environment, users authenticate first with an identity provider, and then use an authentication token to access content provided by a service provider. In this integration, we configure OAM as the identity provider, which creates a SAML token for access to Oracle Identity Cloud Service. The user from OAM is mapped to a user in Oracle Identity Cloud Service without the need to re-authenticate.

First, we configure OAM as an identity provider in Oracle Identity Cloud Service. Then, we configure Oracle Identity Cloud Service as a service provider in OAM. Last, we test the federated login and enable it. So let’s get started.

To configure OAM as an identity provider, we need to export the SAML 2.0 metadata from the OAM console. Next, we configure a new identity provider in Oracle Identity Cloud Service and import the metadata file. The metadata file contains information, such as endpoint URLs and signing certificates, that allows trust to be established. We’re using the user’s email address as the mapping attribute. This attribute is used to map the OAM user to an Oracle Identity Cloud Service user. Oracle Identity Cloud Service supports the SAML 2.0 federation standard as a service provider, and accepts the valid SAML token as a relying party.

Now that OAM is configured as a SAML partner to Oracle Identity Cloud Service, we need to configure Oracle Identity Cloud Service as a partner in OAM. Service providers are configured in OAM as a partner under Identity Provider Management. We set the email address as the NameID value in OAM for the partner. This attribute is used to map one, and only one, user in Oracle Identity Cloud Service.

Back in the Oracle Identity Cloud Service console, we can now test the federation before enabling it. With an enabled identity provider, we can also activate the login chooser. The login chooser allows us to authenticate with either the identity provider or Oracle Identity Cloud Service.

With the configuration complete, we now have a choice when we log in to Oracle Identity Cloud Service. We click the identity provider link for a federated login using SAML. When we click the link, we are redirected to the identity provider for authentication. A SAML assertion is created and sent to Oracle Identity Cloud Service in a browser POST operation. If the assertion is valid, we are mapped to a user in Oracle Identity Cloud Service and authenticated there as that user. After login, the Identity Cloud Service home page is displayed, confirming that the integration is fully functional.

Since Oracle Identity Cloud Service includes the ability to edit your user profile and reset your password, we need to configure our user as a federated user. A federated user can no longer change their password on Oracle Identity Cloud Service; federated users manage their passwords at the identity provider.

In this video, you have seen how Oracle Identity Cloud Service can be integrated with Oracle Access Manager. We configured Oracle Access Manager as an identity provider for Oracle Identity Cloud Service. The completed configuration allows users to first log in to OAM as the identity provider, and then to Oracle Identity Cloud Service using their federated single sign-on token. This video is based on an Oracle By Example tutorial on the Oracle Learning Library. Thank you for watching.
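The service-provider side of the flow described above (reading endpoint URLs and the signing certificate from the identity provider's metadata, checking the POSTed assertion, and mapping its email NameID to one, and only one, local user), as an added Python example that is not from the video, the Oracle By Example tutorial, or either Oracle product. The metadata and SAML Response XML, the entity IDs and URLs, the user store, and the `demo_verify` callback are all constructed for illustration; `demo_verify` is a placeholder for a real XML-DSig check, not a cryptographic verification.

```python
# Added example (not from the video or Oracle's products): parse SAML 2.0 IdP
# metadata, then validate a SAML Response assertion and map its NameID (an
# email address) to exactly one local user, as a service provider would.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed stand-in for the metadata file exported from the OAM console.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://oam.example.com/oam/fed">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MIIC-CONSTRUCTED-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://oam.example.com/idp/sso"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

# Constructed SAML Response as the browser would POST it to the service provider.
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
 <saml:Issuer>https://oam.example.com/oam/fed</saml:Issuer>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://oam.example.com/oam/fed</saml:Issuer>
  <ds:Signature><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MIIC-CONSTRUCTED-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Subject><saml:NameID Format="%s">Alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://idcs.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion></samlp:Response>""" % EMAIL_FORMAT

# Constructed local user store keyed by Identity Cloud Service username.
USERS = {"alice": {"email": "alice@example.com", "federated": True},
         "bob": {"email": "bob@example.com", "federated": False}}
SP_ENTITY_ID = "https://idcs.example.com"   # constructed SP entity ID (the expected Audience)
DEMO_NOW = datetime(2024, 1, 1, 0, 2, tzinfo=timezone.utc)  # inside the assertion's window


def parse_idp_metadata(metadata_xml):
    """Extract what the SP needs to trust the IdP: entity ID, SSO endpoint, signing cert."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/"
                     "ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if sso is None or cert is None:
        raise ValueError("metadata lacks an SSO endpoint or a signing certificate")
    return {"entity_id": root.get("entityID"), "sso_url": sso.get("Location"),
            "sso_binding": sso.get("Binding"), "signing_cert": cert.text.strip()}


def _utc(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def demo_verify(assertion, trusted_cert):
    """PLACEHOLDER, not cryptographic: only checks that the Signature's KeyInfo carries
    the metadata certificate. Real code verifies the XML-DSig (e.g. with python-xmlsec)
    against the metadata certificate, never against whatever the assertion embeds."""
    embedded = assertion.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return embedded is not None and embedded.text.strip() == trusted_cert


def validate_and_map(response_xml, idp, sp_entity_id, users, now, verify_xmldsig):
    """Return the local username for a valid assertion, or raise ValueError."""
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no assertion")
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != idp["entity_id"]:
        raise ValueError("assertion issuer %r is not the configured IdP" % issuer)
    if assertion.find("ds:Signature", NS) is None or not verify_xmldsig(assertion, idp["signing_cert"]):
        raise ValueError("assertion signature missing or invalid")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (_utc(cond.get("NotBefore")) <= now < _utc(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion missing Conditions or outside its validity window")
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("assertion was not issued for this service provider")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        raise ValueError("NameID missing or not in email address format")
    email = name_id.text.strip().lower()
    matches = [name for name, rec in users.items() if rec["email"].lower() == email]
    if len(matches) != 1:  # the mapping attribute must select one, and only one, user
        raise ValueError("NameID %r matches %d users, expected exactly one" % (email, len(matches)))
    return matches[0]


if __name__ == "__main__":
    idp = parse_idp_metadata(IDP_METADATA)
    user = validate_and_map(SAML_RESPONSE, idp, SP_ENTITY_ID, USERS, DEMO_NOW, demo_verify)
    print("federated login as", user, "- password managed at the IdP:", USERS[user]["federated"])
```

The checks are ordered the way a service provider should fail closed: issuer must be the configured partner, the signature must verify before anything in the assertion is trusted, then the validity window and Audience are enforced, and only then is the NameID looked up. Rejecting a NameID that matches zero or several local accounts is what keeps the email mapping attribute from silently logging a federated user into the wrong account.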

Implement Hybrid Access Management