Configuring for eAuth Mode
You can configure the Oracle Identity Federation server to comply with the eAuth specifications. Most of the configuration is performed through Fusion Middleware Control, but the specifications require the presence of two attributes in the SSO assertion that can only be configured through the MBeans/WLST scripts:
the us:gov:e-authentication:basic:specVer attribute containing the version of the eAuth specifications supported by this server
the us:gov:e-authentication:basic:Sid attribute containing the session identifier of the user performing the single sign-on
To configure Oracle Identity Federation to set those two attributes (for a specific provider) and to set the value of the eAuth version, enter the WLST script environment for Oracle Identity Federation instance, and set the following properties if needed:
Set the eauthmodeenabled boolean property for the remote provider to true to enable the eAuth mode:
setFederationProperty(REMOTE_PROVIDER_ID,
'eauthmodeenabled', 'true', 'boolean')
##
## replace REMOTE_PROVIDER_ID with the identifier of the remote provider
Set the eauthversion string property from the idpglobal group to the value the Oracle Identity Federation server should use (2.0 for example):
setConfigProperty('idpglobal', 'eauthversion', '2.0', 'string')
No comments:
Post a Comment