Deploying Oracle Identity Federation 3-31 ■ Use Default Configuration: If checked, Oracle Identity Federation will use the default configuration for the following properties: – Allow Federation Creation – SSO Response Binding – Name ID Format – Requested Authentication Mechanism – Authentication Mechanism Comparison If not checked, the following applies: – Allow Federation Creation: If not checked, the identity provider must not create a federation for the user, if one does not exist. Applies only to SAML 2.0 protocol – SSO Response Binding: This specifies the binding that the service provider will request the identity provider to use when sending the response. Applies only to SAML protocols – Name ID Format: This specifies the Name ID format that the service provider will request the identity provider to use when locating or creating a federation for the user. Applies only to SAML 2.0 protocol. – Requested Authentication Mechanism: This specifies the local authentication mechanism that the service provider will use. The service provider will map this local mechanism to a protocol-specific method, and specify this method in its authentication request to the identity provider. See Section 5.14.1, About Authentication Mechanisms . Applies only to SAML 2.0WS-Fed protocols. – Authentication Mechanism Comparison: If using SAML 2.0, specifies the comparator that the identity provider will use when determining the authentication mechanism to use. Options are: EXACT: the identity provider must use the requested authentication mechanism MINIMUM: the identity provider must use a mechanism that is at least as strong as the requested authentication mechanism BETTER: the identity provider must use a mechanism that is stronger than the requested authentication mechanism MAXIMUM: the identity provider must use a mechanism that is as strong as possible without exceeding the strength of the requested mechanism

3.2.7.3 Use the Test SP Engine with IdP-Initiated SSO

You can also use the test SP engine to test IdP-initiated Single Sign-On. In the service provider, simply enable the test SP engine and configure the default SP engine to be Test SP, and begin IdP-initiated SSO from the identity provider. The test SP engine will display the results of the Single Sign-On operation.

3.2.7.4 Test SP Engine Results

After Single Sign-On has been performed, the test SP engine displays the results of the operation, including: ■ SSO Authentication Result: whether the operation was successful. ■ User Identifier: the User ID of the user for which Single Sign-On was performed.