Set-up Example of a Post-processing Custom Action

■ Whether the SP should ask the IdP not to interact with the user during the SSO operation: Boolean, identified by oracle.security.fed.sp.passive. This parameter is ignored if usedefault is true or missing.

■ The binding to use when sending the AuthnRequest: String, identified by oracle.security.fed.sp.requestbinding. This parameter is ignored if usedefault is true or missing. Acceptable values are httpredirect, httpost, and httppostsimple depending on the protocol.

■ The binding to use when sending the response with the assertion: String, identified by oracle.security.fed.sp.responsebinding. This parameter is ignored if usedefault is true or missing. Acceptable values are artifact or httpost depending on the protocol.

■ An optional authentication mechanism comparison specifying to the SP which authentication context comparison to request the IdP to use during authentication: String, identified by oracle.security.fed.sp.authnmechcomparison. This parameter is ignored if usedefault is true or missing.

■ The NameID format the SP will issue to the IdP for the SSO operation: String, identified by oracle.security.fed.sp.nameidformat. This parameter is ignored if usedefault is true or missing.

■ Optional attributes to be requested from the IdP during the Federation SSO operation, for example when interacting with an OpenID IdP. The data is passed as a Map with Strings as keys and set of Objects as values, identified by oracle.security.fed.sp.attributes. The values are optional, while the keys contain the attribute names.

12.4.2 Configuring Oracle Identity Federation for the Plug-in

To configure Oracle Identity Federation to forward the user to a pre-processing plug-in at the start of the SP federated SSO flow, set the following properties:

■ Create or set the web context property, referencing the web context where the custom JSP Page or servlet resides. This property is located in the serverconfig group of the Oracle Identity Federation configuration. Set the spcontext string property in serverconfig, default missing.

■ Set the relative path property referencing the path in the web context where the custom JSP Page or servlet resides. Set the sppath string property in serverconfig, default spstartsso.

See Also: Section 10.4.2, "Developing and Implementing the Integration Module" for details about the data provided by the SP integration engine.

Notes:

■ The plug-in must provide Oracle Identity Federation server with the data that was passed to it as part of the SP federated SSO flow; this consists of attributes that were set on the HttpServletRequest object.

■ The plug-in can modify all attributes that were set on the HttpServletRequest object except the oracle.security.fed.sp.engineid attribute.
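The two notes above and the parameter list amount to a contract that a plug-in can be tested against before it is deployed. The following check is an added example, not code from the Oracle documentation: the class name SpPluginContractCheck, the violations helper and all sample values are assumptions, and the acceptable binding values are copied exactly as this section lists them.

```java
import java.util.*;

/** Added example: checks a pre-processing plug-in's output against the rules in this section. */
public class SpPluginContractCheck {
    static final String P = "oracle.security.fed.sp.";
    // Acceptable values as listed in this section; which subset applies depends on the protocol.
    static final Map<String, Set<String>> ALLOWED = Map.of(
        P + "requestbinding", Set.of("httpredirect", "httpost", "httppostsimple"),
        P + "responsebinding", Set.of("artifact", "httpost"));

    /** Returns the list of violations; empty when the plug-in output honours the contract. */
    static List<String> violations(Map<String, Object> received, Map<String, Object> returned) {
        List<String> out = new ArrayList<>();
        // First note: every attribute passed to the plug-in must be handed back.
        for (String key : received.keySet())
            if (!returned.containsKey(key)) out.add("dropped attribute: " + key);
        // Second note: engineid is the one attribute the plug-in may not modify.
        if (!Objects.equals(received.get(P + "engineid"), returned.get(P + "engineid")))
            out.add("engineid was modified");
        // Type and value checks for the optional overrides the plug-in may set.
        Object passive = returned.get(P + "passive");
        if (passive != null && !(passive instanceof Boolean)) out.add("passive must be a Boolean");
        for (Map.Entry<String, Set<String>> e : ALLOWED.entrySet()) {
            Object v = returned.get(e.getKey());
            if (v != null && !e.getValue().contains(v))
                out.add(e.getKey() + " has unsupported value: " + v);
        }
        Object attrs = returned.get(P + "attributes");
        if (attrs != null && !(attrs instanceof Map)) out.add("attributes must be a Map");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data; the engine id and NameID format values are placeholders.
        Map<String, Object> received = new HashMap<>();
        received.put(P + "engineid", "ENGINE-ID-PLACEHOLDER");
        received.put(P + "nameidformat", "NAMEID-FORMAT-PLACEHOLDER");
        Map<String, Object> good = new HashMap<>(received);
        good.put(P + "passive", Boolean.TRUE);
        good.put(P + "requestbinding", "httpredirect");
        Map<String, Object> bad = new HashMap<>(good);
        bad.put(P + "engineid", "OTHER-ENGINE");      // forbidden modification
        bad.put(P + "requestbinding", "soap");        // not in the list above
        bad.remove(P + "nameidformat");               // data not handed back
        System.out.println("good: " + violations(received, good));
        System.out.println("bad:  " + violations(received, bad));
    }
}
```

In a servlet-based plug-in, the received map would be a snapshot of the HttpServletRequest attributes taken on entry, and returned a snapshot taken just before control goes back to Oracle Identity Federation.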