Friday Aug 15, 2014

AuthnRequest Settings in OIF / SP

In this article, I will list the various OIF/SP settings that affect how an AuthnRequest message is created in OIF in a Federation SSO flow.

The AuthnRequest message is used by an SP to start a Federation SSO operation and to indicate to the IdP how the operation should be executed:

  • How the user should be challenged at the IdP
  • Whether or not the user should be challenged at the IdP, even if a session already exists at the IdP for this user
  • Which NameID format should be requested in the SAML Assertion
  • Which binding (Artifact or HTTP-POST) should be requested from the IdP to send the Assertion
  • Which profile should be used by OIF/SP to send the AuthnRequest message

Enjoy the reading!

[Read More]

Friday Aug 01, 2014

Integrating Google Apps with OIF / IdP

Google Apps provide a set of services that companies sometimes leverage for their day to day activities, which allow their employees to offload mail, calendar, document storage... in the Google cloud.

When a company purchases Google Apps for its employees, it needs to create user accounts in Google and provide the employees with their account information:

  • Username and password to access Google Apps
  • How to set/reset their password in Google Apps (initially, or if the password needs to be reset periodically)

Every time the user needs to access Google Apps, an authentication operation will take place where the user will enter the Google Apps credentials, which will be different from the on-premise company's user credentials.

Google Apps supports the SAML 2.0 SSO protocol as a Service Provider, where the Google Apps service for the company can be integrated with the on-premise Federation SSO IdP server in order to:

  • Provide true SSO capabilities for the user: the user authentication state is propagated from the on-premise security domain to Google Apps
  • Not force the user to manage and remember a different set of credentials
  • Allow the on-premise administrator to control more efficiently password policies locally.

In this article, I will describe step by step how to integrate Google Apps as an SP with OIF as an IdP via the SAML 2.0 SSO protocol.

Important note: enabling Federation SSO for a domain will also affect the administrators for that domain who will need to authenticate via Federation SSO thereafter.

Enjoy the reading!

[Read More]
About

Damien Carru is a member of the Oracle Identity Management organization, focusing on Federation and SSO. This blog will cover Federation use cases involving Oracle Access Manager, Oracle Identity Federation and Oracle Security Token Service

Search

Categories
Archives
« August 2014 »
SunMonTueWedThuFriSat
     
2
3
4
5
6
7
8
9
10
11
12
13
14
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
      
Today