SP Integration module - Oracle Single Sign-On

Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation

■ Clear Cookie - If checked, resetting the Oracle Access Manager cookie is enough for Oracle Identity Federation to log the user out of the Oracle Access Manager domain.
■ Redirect to Logout URL - Check Redirect to Logout URL and fill in the URL if Oracle Identity Federation needs to redirect the user to a specific URL for Oracle Access Manager logout.

The tab contains these fields needed to integrate Oracle Access Manager with Oracle Identity Federation:

■ Oracle Access Manager credentials needed to configure the policy domain
■ Oracle Identity Federation account information to enable that server to authenticate itself to Oracle Identity Federation

For details about using these features, see Section 3.2.3.3, "Integrate Oracle Access Manager as an SP Integration Module" and Section 3.2.5, "Oracle Identity Federation SP Authenticating to Oracle Access Manager".

Updates you make on this tab are saved if you move to tabs for other authentication engines. When you are done, click Apply to save the changes, or Revert to reset the data to its previous state.

5.16.3 SP Integration module - Test SP Engine

Use this tab to configure SP integration for the test SP engine. The tab contains these fields:

■ Default SP Integration module - This is the module used for integration at the service provider. The list-box contains all the currently enabled engines; selecting an engine from the list makes it the default engine.
■ Enable SP module - Check this box to enable the module, and uncheck the box to disable the module. If enabled, this module appears on the list of available modules in the list-box associated with Default SP Integration module.
■ Authentication mechanism - The authentication mechanism that will be used to locally authenticate users if federated identities are used during federation SSO and if a federation record must be created during the SSO operation.

Updates you make on this tab are saved if you move to tabs for other authentication engines. When you are done, click Apply to save the changes, or Revert to reset the data to its previous state.

Note: When the user needs to be redirected to an Oracle Access Manager URL for logout, in case Oracle Access Manager needs to perform extra operations, you need to configure Oracle Identity Federation by checking the Redirect to Logout URL box and entering the URL to which the user is redirected. When Oracle Identity Federation redirects the user to that URL, it appends a return URL as a query parameter; this is the Oracle Identity Federation URL to which the user is redirected after performing the extra Oracle Access Manager operations. The query parameter to be appended to the Oracle Access Manager logout URL is referenced by returnurl.
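The example below is an added illustration, not code from the Oracle guide. It models the returnurl hand-off described in the note on Redirect to Logout URL: one function appends returnurl to the configured logout URL, and the logout page's side follows returnurl only when it points back at the Oracle Identity Federation server. The host names, port, paths, function names, and the URL-encoding of the parameter are assumptions made for the example.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample values (assumptions, not taken from the Oracle guide).
OAM_LOGOUT_URL = "https://oam.example.com/custom/logout"
OIF_ORIGIN = ("https", "oif.example.com", 7499)
FALLBACK_URL = "https://oam.example.com/loggedout.html"
DEFAULT_PORTS = {"http": 80, "https": 443}


def build_logout_redirect(logout_url, oif_return_url):
    """Model of the OIF side: append returnurl to the configured logout URL."""
    parts = urlsplit(logout_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("returnurl", oif_return_url))
    return urlunsplit(parts._replace(query=urlencode(query)))


def origin_of(url):
    """Return (scheme, host, port); raises ValueError on a malformed authority."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)


def resolve_return_url(request_url, trusted_origin=OIF_ORIGIN, fallback=FALLBACK_URL):
    """Logout-page side: follow returnurl only if it points back at the OIF server."""
    query = parse_qsl(urlsplit(request_url).query, keep_blank_values=True)
    values = [v for k, v in query if k == "returnurl"]
    if len(values) != 1:  # missing or duplicated parameter
        return fallback
    candidate = values[0]
    # Backslashes and control characters are parsed differently by browsers.
    if any(c == "\\" or ord(c) < 0x20 for c in candidate):
        return fallback
    try:
        if origin_of(candidate) != trusted_origin:
            return fallback
    except ValueError:  # e.g. a non-numeric port
        return fallback
    return candidate
```

Comparing the full scheme, host and port, rather than checking a string prefix, is what rejects values such as `https://oif.example.com:7499@other-host/`.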

5.16.4 SP Integration Module - Custom

Use this tab to configure SP integration for the custom SP engine. The tab contains these fields:

■ Default SP Integration module - This is the module used for integration at the service provider. The list-box contains all the currently enabled engines; selecting an engine from the list makes it the default engine.
■ Enable SP module - Check this box to enable the module, and uncheck the box to disable the module. If enabled, this module appears on the list of available modules in the list-box associated with Default SP Integration module.

View SP integration modules

Use the View button to organize the table of SP integration modules. You can change the column order of the display and specify which fields to include or exclude. The Reorder Columns dialog allows you to select any field and use the arrows to reposition it in the table.

Add an Engine

Click the Add button to add a new custom engine. You are asked to provide a unique engine name; an Engine ID is automatically generated. Once the engine is added, you can add this information: