
Integrating Oracle Identity Federation 4-9

2. Navigate to Administration, then Service Provider.

3. Check the Enable Service Provider box.

4. For Default SSO Identity Provider, specify the IdP set up in Section 4.3.1.2, Register the Providers.

5. Click Apply.

4.3.1.6 Configure Oracle Identity Federation in SP Mode

Having generated the IdPSP metadata and registered those modules, the final task of configuring Oracle Identity Federation for the integration is to provide the Oracle Access Manager server details, so that Oracle Identity Federation can send assertion tokens and direct session management to Oracle Access Manager. The steps to achieve this are as follows:

1. Locate the Oracle Identity Federation instance in Fusion Middleware Control.

2. Navigate to Administration, then Service Provider Integration Modules.

3. Select the Oracle Single Sign-On tab.

4. Configure the page as follows:

■ In the Default SP Integration Module drop-down, select Oracle Single Sign On.

■ Check the Enable SP Module box.

■ Check the Logout Enabled box.

■ Configure these URLs:

Login URL: http://oam_host:oam_port/oam/server/dap/cred_submit

Logout URL: http://oam_host:oam_port/oam/server/logout

where oam_host and oam_port are the host and port number of the Oracle Access Manager server respectively.

■ Set Username Attribute value to cn to match the Oracle Access Manager username attribute.

5. Click Regenerate.

This action generates a keystore file that contains the keys used to encrypt and decrypt the tokens that are exchanged between the Oracle Access Manager and Oracle Identity Federation servers. Be sure to save the keystore file using the Save As dialog.

4-10 Oracle Fusion Middleware Integration Guide for Oracle Access Manager

6. Copy the keystore file to a location within the installation directory of Oracle Access Manager.
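The values entered in steps 4 through 6 are easy to get wrong when pasted from a document (URLs that lost their slashes, a flag left unchecked, the keystore saved somewhere other than the Oracle Access Manager installation). The following Python script is an added example, not part of the Oracle guide or of either product: it checks a settings record against the Login URL and Logout URL paths given above, verifies that the keystore resolves to a path inside the OAM installation directory and, if the file exists, that it is not group- or world-readable, since it holds the token encryption keys. The field names in the settings dictionary are assumptions that mirror the page labels; the host oam.example.com, port 14100 and all file paths are constructed sample values.

```python
"""Sanity-check the Oracle Single Sign-On SP integration-module settings (4.3.1.6).

Added example, not part of the Oracle guide. Field names in the settings
dict are assumptions mirroring the Fusion Middleware Control labels; host,
port and paths below are constructed sample values.
"""
import stat
from pathlib import Path
from urllib.parse import urlparse

# Endpoint paths taken from the Login URL / Logout URL in step 4.
EXPECTED_LOGIN_PATH = "/oam/server/dap/cred_submit"
EXPECTED_LOGOUT_PATH = "/oam/server/logout"


def check_oam_url(url, expected_path, oam_host, oam_port):
    """Return a list of problems with one OAM endpoint URL (empty when it is correct)."""
    problems = []
    try:
        parts = urlparse(url)
    except ValueError as exc:
        return [f"unparseable URL {url!r}: {exc}"]
    if parts.scheme not in ("http", "https"):
        problems.append(f"{url!r}: scheme must be http or https")
    # A URL that lost its '//' (e.g. copied from a PDF) parses with no host or port.
    try:
        port = parts.port
    except ValueError:
        port = None
    if parts.hostname != oam_host:
        problems.append(f"{url!r}: host {parts.hostname!r} != {oam_host!r}")
    if port != oam_port:
        problems.append(f"{url!r}: port {port!r} != {oam_port!r}")
    if parts.path != expected_path:
        problems.append(f"{url!r}: path {parts.path!r} != {expected_path!r}")
    return problems


def check_keystore(keystore_path, oam_home):
    """The keystore must sit inside the OAM installation directory (step 6).

    Paths are resolved first so '..' segments and symlinks cannot place the
    file outside oam_home while appearing to be inside it. Because the file
    holds the token encryption keys, it must not be group/world readable.
    """
    problems = []
    ks = Path(keystore_path).resolve()
    home = Path(oam_home).resolve()
    if home not in ks.parents:
        problems.append(f"keystore {keystore_path} is not under OAM home {oam_home}")
    if ks.is_file():
        mode = ks.stat().st_mode
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"keystore {keystore_path} is readable by group/others")
    return problems


def check_sp_module(settings, oam_host, oam_port, oam_home):
    """Return every problem found in the Oracle Single Sign-On tab settings."""
    problems = []
    if settings.get("default_sp_integration_module") != "Oracle Single Sign On":
        problems.append("Default SP Integration Module is not Oracle Single Sign On")
    for flag in ("enable_sp_module", "logout_enabled"):
        if not settings.get(flag):
            problems.append(f"{flag} is not checked")
    problems += check_oam_url(settings.get("login_url", ""), EXPECTED_LOGIN_PATH, oam_host, oam_port)
    problems += check_oam_url(settings.get("logout_url", ""), EXPECTED_LOGOUT_PATH, oam_host, oam_port)
    if settings.get("username_attribute") != "cn":
        problems.append("Username Attribute must be cn to match Oracle Access Manager")
    problems += check_keystore(settings.get("keystore_path", ""), oam_home)
    return problems


# Constructed sample values (not from the guide).
OAM_HOST, OAM_PORT, OAM_HOME = "oam.example.com", 14100, "/opt/oracle/oam"

GOOD_SETTINGS = {
    "default_sp_integration_module": "Oracle Single Sign On",
    "enable_sp_module": True,
    "logout_enabled": True,
    "login_url": "http://oam.example.com:14100/oam/server/dap/cred_submit",
    "logout_url": "http://oam.example.com:14100/oam/server/logout",
    "username_attribute": "cn",
    "keystore_path": "/opt/oracle/oam/oif/oif_keystore.jks",
}

# Typical mistakes: Login URL pasted without its slashes, Logout Enabled left
# unchecked, keystore saved outside the OAM installation directory.
BAD_SETTINGS = dict(
    GOOD_SETTINGS,
    logout_enabled=False,
    login_url="http:oam.example.com:14100oamserverdapcred_submit",
    keystore_path="/tmp/oif_keystore.jks",
)

if __name__ == "__main__":
    for name, s in (("good", GOOD_SETTINGS), ("bad", BAD_SETTINGS)):
        found = check_sp_module(s, OAM_HOST, OAM_PORT, OAM_HOME)
        print(f"{name}: {'OK' if not found else found}")
```

Run it once with the real host, port and OAM home substituted; an empty result for the live settings means the URLs, flags, attribute and keystore location all match what steps 4 through 6 require.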

4.3.2 Delegate Authentication to Oracle Identity Federation

As a result of performing the task in Section 4.2, Register Oracle HTTP Server with Oracle Access Manager, clients seeking access to a protected resource are directed to Oracle Access Manager for authentication. The final task in the integration procedure is to configure Oracle Access Manager to redirect the user to Oracle Identity Federation for authentication. The steps needed to achieve this are as follows:

1. Log in to the Oracle Access Manager Admin Console.

2. Select the Policy Configuration tab.

3. Protect the resource by selecting OIFScheme in the Authentication Scheme drop-down.

4. Click Apply.

5. Update the authentication scheme.

In the Policy Configuration tab, in the Shared Components tree, select Authentication Schemes, then OIFScheme.

Note: Make a note of the location, since you will need to refer to it later.