5 Replies Latest reply: Jun 2, 2011 8:34 AM by 866189

    Whitepapers

    nazlfc
      Hi,

      I was wondering if anyone has details of whitepapers about Oracle SSO working with SAML or WS Federation through Oracle Portal (not weblogic).

      Thanks
        • 1. Re: Whitepapers
          Asif M. Naqvi
          Hi,

          Which aspect are you particularly looking for? Have you seen the documentation for IdMgmt 10.1.4? That may be useful too.

          You may also like to take a look at Oracle COREid. Here is one such paper explaining features and functioning.
          http://www.oracle.com/global/kr/download/pdf/ofm/COREID_FEDERATION_WP.PDF

          Kind regards,

          AMN
          • 2. Re: Whitepapers
            nazlfc
            Hi AMN,

            We are using Oracle Single Sign On to authenticate users in Oracle Portal that will allow our users to use e-learning content on Oracle ilearning. Currently people who are in our Oracle Internet Directory are using the portal to access content. We would also like to enable users from our partners from external organisations to use our portal. These users will probably exist on their own LDAP directory, so we need to know if Oracle Single Sign can be used with SAML alone. I understand the CoreID products (Oracle Identity Federation) and this is an option in the event that what I am looking for is not possible. I need to write a whitepaper to our management team to first demonstrate this or at least state that SAML will work instead of SSO. (Can this be confirmed? I think it can't.)

            I think SAML must be used with SSO in a federated setup. Please can this be confirmed.

            Any advice will be appreciated.

            Thanks
            • 3. Re: Whitepapers
              Pmonaco-Oracle
              You need to use OIF at the oSSO site level. OIF will be installed at the Service Provider (SP) side: http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b25355/deployinstall.htm#CHDCBGDD
              In this configuration, the SAML token will be used to map an existing identity (at your site) to the visitor, depending on the role carried by the token sent by the partner.
              It is the responsibility of your partners to authenticate users, manage identities (from a legal point of view) and generate a valid SAML token (either by development, or by using a product like OIF, but in identity provider (IP) configuration this time).

              Patrick.
              • 4. Re: Whitepapers
                Asif M. Naqvi
                nazlfc wrote:
                Hi AMN,

                We are using Oracle Single Sign On to authenticate users in Oracle Portal that will allow our users to use e-learning content on Oracle ilearning. Currently people who are in our Oracle Internet Directory are using the portal to access content. We would also like to enable users from our partners from external organisations to use our portal. These users will probably exist on their own LDAP directory, so we need to know if Oracle Single Sign can be used with SAML alone. I understand the CoreID products (Oracle Identity Federation) and this is an option in the event that what I am looking for is not possible. I need to write a whitepaper to our management team to first demonstrate this or at least state that SAML will work instead of SSO. (Can this be confirmed? I think it can't.)

                I think SAML must be used with SSO in a federated setup. Please can this be confirmed.

                Any advice will be appreciated.

                Thanks
                Hi Nazlfc,

                I think for your case, Id Federation suits well, as that would work across enterprises. Please check out this link for a recent white paper.
                http://www.oracle.com/wocportal/page/wocprod/ver-28/ocom/technology/products/id_mgmt/coreid_fed/pdf/identity_federation_wp_10gr3.pdf

                - Oracle SSO can be used with SAML alone?
                Perhaps, yes. Perhaps using webservices integration it can be. Although I have not used it yet or seen it working in any environment, if you look at WebService Security Integration in the Oracle WebServices Security Guide, it says that the SSO authenticated identity can be propagated using SAML tokens across remote webservices. The question is, does it work on cross-domain systems too? I am not sure.

                Please see this link for detailed discussion.
                http://www.oracle.com/wocportal/page/wocprod/ver-28/ocom/technology/products/id_mgmt/coreid_fed/pdf/identity_federation_wp_10gr3.pdf

                - SAML will work instead of SSO. (?)
                Yes, for web cross-domain single-sign-on authentications.

                - SAML must be used with SSO in a federated setup. (?)
                No, I don't think so. See, for instance, the two common models of Id Federation implementation in the white paper mentioned above. You may just be working, for example, with an LDAP directory connected with OIF.

                You may also get some ideas if you post your question in the Id Mgmt forum: http://forums.oracle.com/forums/forum.jspa?forumID=47

                Hope that helps!

                AMN
                • 5. Re: Whitepapers
                  866189
                  I am trying to configure Secure Store Service (SSO replacement) in SharePoint 2010 and wondered if you had any luck with your project.

                  Thanks,

                  Bob Nickols
                  x-rnickols@gpworldwide.com