Integrating with Third-Party Identity and Access Management Modules 10-21 ■ Authentication time as a Date object identified by oracle.security.fed.sp.authntime ■ Expiration time of the authenticated session as a Date identified by oracle.security.fed.sp.expirationtime ■ The authentication mechanism used to identify the user as a String identified by oracle.security.fed.sp.authnmech ■ The relay state as a String identified by oracle.security.fed.sp.relaystate ■ The contents of the assertion: the NameID, the issuer of the assertion and the optional attributes. Note: the content of the assertion is not passed as XML Data, that is the original assertion will not be passed back to the module. The data is passed as a Map with Strings as keys and Set of Objects as values identified by oracle.security.fed.sp.attributes. The extra data is referenced as: – orafed-nameid-value containing the Name ID value – orafed-nameid-qualifier containing the Name ID qualifier – orafed-nameid-format containing the Name ID format – orafed-providerid containing the Peer ProviderID – orafed-assertionid - the ID of the assertion – orafed-xmlmessage - the optional XML message containing the assertion See Section 6.13.2, Providing XML Message to SP Engine after SSO Completes for details. ■ The top status of the SAML Response as a String identified by oracle.security.fed.sp.topstatus ■ The low status of the SAML Response if any, as a String identified by oracle.security.fed.sp.lowstatus ■ The status message if any as a String identified by oracle.security.fed.sp.statusmessage ■ The ProviderID that created the SSO assertion as a String identified by oracle.security.fed.sp.providerid ■ The identifier of the SP engine that will process the above information identified by oracle.security.fed.sp.engineid ■ A String containing the Oracle Identity Federation identifier of the user session. Oracle Identity Federation is passing the sessionID of the user session to the SP engine, so that it can persist state linked to the user, and it can reference that data by using the sessionID value. Later on, when the logout flow is being executed, Oracle Identity Federation passes the sessionID that is being logged out to the engine, so that the engine can delete the data that was used for this user session. identified by oracle.security.fed.sessionid Authenticated Session Creation Using this data, the SP integration engine creates an authenticated session and redirects the user to the final target URL. If the service needs to set cookies, the cookie path must be set to . This is necessary because of the internal forwards between the Oracle Identity Federation and SP integration engine web applications; the users browser needs to send the cookies related to the SP integration engine, even when accessing only the federation server.