
■ Run the tar command on all components, including the Oracle Identity Federation folder under the managed server, and the RDBMS data files that Oracle Identity Federation is using. For example:

tar cvzf oif11_backup oif_folder

4.2 Common Tasks

This section describes common services provided by Oracle Identity Federation for administrators and peer users. It explains these tasks:

■ Obtain Server Metadata
■ Obtain Server Certificates
■ Perform SP-initiated Single Sign-On
■ Perform IdP-initiated Single Sign-On
■ Launch the Logout Process
■ Set Signature Verification Certificate Property (SAML 1.x)
■ Perform SP-initiated Single Sign-On (SAML 1.x)
■ Send Attribute Requests and Queries (SAML 1.x)
■ Send Authentication Queries (SAML 1.x)

4.2.1 Obtain Server Metadata

The Oracle Identity Federation metadata can be retrieved either from Oracle Enterprise Manager Fusion Middleware Control or by directly accessing a URL.

To retrieve the metadata from Fusion Middleware Control:

1. Navigate to Oracle Identity Federation, then Administration, then Security and Trust, then Provider Metadata.

2. Select the provider type and the version of the Oracle Identity Federation metadata to be created.

3. Click Generate.
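A peer administrator who imports metadata generated this way can first check the fields that matter for trust: the entity ID, the expiry date, the certificate fingerprints to compare out of band, and the advertised algorithms. The following Python is an added example, not part of the Oracle guide or product; the function name review_metadata, the host idp.example.com and the placeholder certificate bytes are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}
WEAK_ENC = {"http://www.w3.org/2001/04/xmlenc#rsa-1_5"}  # PKCS#1 v1.5 key transport
# Constructed sample: hostname and certificate bytes are placeholders, not a real certificate.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.com:7002/fed/idp" validUntil="2009-05-24T15:48:15Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><dsig:KeyInfo><dsig:X509Data>
      <dsig:X509Certificate>Y29uc3RydWN0ZWQg c2lnbmluZyBjZXJ0</dsig:X509Certificate>
    </dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><dsig:KeyInfo><dsig:X509Data>
      <dsig:X509Certificate>Y29uc3RydWN0ZWQgZW5jcnlwdGlvbiBjZXJ0</dsig:X509Certificate>
    </dsig:X509Data></dsig:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def review_metadata(xml_text, now=None):
    """Summarise the trust-relevant fields of a SAML 2.0 metadata document."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)  # for metadata from an untrusted peer, prefer a hardened parser
    report = {"entityID": root.get("entityID"), "keys": [], "findings": []}
    valid_until = root.get("validUntil")
    if valid_until is None:
        report["findings"].append("no validUntil: metadata never expires")
    elif datetime.fromisoformat(valid_until.replace("Z", "+00:00")) < now:
        report["findings"].append(f"metadata expired at {valid_until}")
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        # Copied metadata often has whitespace wrapped into the base64; strip it first.
        b64 = "".join(kd.findtext(".//dsig:X509Certificate", "", NS).split())
        der = base64.b64decode(b64)
        # SHA-256 over the decoded bytes is the fingerprint to confirm with the peer out of band.
        report["keys"].append((kd.get("use"), hashlib.sha256(der).hexdigest()))
        for em in kd.iterfind("md:EncryptionMethod", NS):
            if em.get("Algorithm") in WEAK_ENC:
                report["findings"].append(f"weak key transport offered: {em.get('Algorithm')}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is not None and idp.get("WantAuthnRequestsSigned") != "true":
        report["findings"].append("IdP does not require signed AuthnRequests")
    return report

if __name__ == "__main__":
    print(review_metadata(SAMPLE))
```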

To get the Oracle Identity Federation IdP metadata, go to a URL of the form:

http://host:port/fed/idp/metadata

To get the Oracle Identity Federation SP metadata, go to a URL of the form:

http://host:port/fed/sp/metadata

Sample IdP Metadata

The following is a sample of metadata for a server that has SSO Identity Provider, Attribute Authority, Authentication Query and Assertion ID Responder features enabled:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="id-PmHsOU3mD8zEyjDo0QbyelE5oxY-" entityID="https://sta00534.us.oracle.com:7002/fed/idp" validUntil="2009-05-24T15:48:15Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:X509Data>
          <dsig:X509Certificate>...</dsig:X509Certificate>
          <dsig:X509IssuerSerial>
            <dsig:X509IssuerName>CN=sta00534.us.oracle.com Signing Certificate</dsig:X509IssuerName>
            <dsig:X509SerialNumber>37</dsig:X509SerialNumber>
          </dsig:X509IssuerSerial>
          <dsig:X509SubjectName>CN=sta00534.us.oracle.com Signing Certificate</dsig:X509SubjectName>
        </dsig:X509Data>
      </dsig:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:X509Data>
          <dsig:X509Certificate>...</dsig:X509Certificate>
          <dsig:X509IssuerSerial>
            <dsig:X509IssuerName>CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US</dsig:X509IssuerName>
            <dsig:X509SerialNumber>61590287842211333696140797217026625564</dsig:X509SerialNumber>
          </dsig:X509IssuerSerial>
          <dsig:X509SubjectName>CN=sta00534.us.oracle.com, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US</dsig:X509SubjectName>
        </dsig:X509Data>
      </dsig:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <md:EncryptionMethod