ADFS Step-by-Step Guide: Federation with Oracle Identity Federation

Download (DOC, 449KB)

ADFS Step-by-Step Guide: Federation with Oracle Identity Federation 7
About This Guide 7
Prerequisites and Requirements 7
Step 1: Preconfiguration Tasks 9
Configure Connectivity 9
Establish IP Connectivity 9
Export an Oracle Identity Federation Token-Signing Certificate for Woodgrove Bank 9
Configure Name Resolution 10
Create Sample Users and Groups 11
Oracle Identity Federation as the account partner on oraweb.woodgrovebank.com 11
Oracle Identity Federation as the resource partner on oraweb.woodgrovebank.com 11
Configure Sample Web Applications 12
Enable SSL in Oracle HTTP Server 12
Create New Web Portal Sites 12
Create an Oracle Identity Federation Sample Application 14
Make Modifications to the Default Oracle Identity Federation Configuration 15
Update the “MyDomain” Entry in Oracle Identity Federation 15
Update the Oracle Identity Federation Server Port Number That Is Listed in the Server Configuration 16
Step 2: Configuring ADFS as the Account Partner and Oracle Identity Federation as the Resource Partner 17
Configure the Account Federation Service (ADFS) 17
Add Woodgrove Bank as a Resource Partner to the Federation Service 17
Configure the Resource Federation Server (Oracle Identity Federation) 18
Add the ADFS Token-Signing Certificate to the Oracle Identity Federation Keystore 18
Add a Destination Mapping 19
Add an A. Datum Domain 19
Add a Link for Initiating Federated Access 20
Step 3: Test Federation—ADFS as the Account Partner and Oracle Identity Federation as the Resource Partner 21
Step 4: Configuring Oracle Identity Federation as the Account Partner and ADFS as the Resource Partner 22
Configure the Account Federation Server (Oracle Identity Federation) 22
Create an Assertion Profile 22
Complete the ObMyGroups Attribute Configuration 23
Add a Trey Research Domain 24
Configure the Resource Federation Service 25
Add Woodgrove Bank as an Account Partner to the Federation Service 25
Add an Incoming Group Claim Mapping 26
Add Links for Initiating Federated Access 26
Step 5: Test Federation—Oracle Identity Federation as the Account Partner and ADFS as the Resource Partner 27
Appendix A: Alternative Account Mapping Approaches 28
ADFS as the Account Partner, Oracle Identity Federation as the Resource Partner 29
User-to-User Mapping with Alternative Identity Claims 29
Enable Alternative Identity Claims in ADFS 30
Configure User-to-User Mapping with Alternative Identity Claims 30
User-to-User Mapping with a Custom Claim 32
Configure an Outgoing Custom Claim in ADFS 32
Configure User-to-User Mapping with a Custom Claim in Oracle Identity Federation 33
Group-to-User Mapping 33
Create/Modify Sample Users and Groups 34
Configure an Outgoing Group Claim in ADFS 34
Configure Group-to-User Mapping in Oracle Identity Federation 35
Oracle Identity Federation as Account Partner, ADFS as Resource Partner 36
Claims-Aware Applications vs. Windows NT Token-Based Applications 36
Group-to-Group Mapping with Alternative Identity Claims 37
Enable Alternative Organization Claims for a Windows NT Token–Based Application 37
Configure Group-to-Group Mapping with Alternative Identity Claims in Oracle Identity Federation 38
Populate “Other” Subject Name Format 39
Group-to-User Mapping 40
Create/Modify Sample Users and Groups 41
Modify SharePoint Permissions 41
Enable Group-to-User Mapping in ADFS 42
Configure Group-to-User Mapping in Oracle Identity Federation 42
User-to-User Mapping with Identity Claims 43
Enable Alternative UPN Suffixes in Active Directory 44
Create/Modify Sample Users and Groups 44
Modify SharePoint Permissions 45
Configure User-to-User Mapping in Oracle Identity Federation 45
Populate “Other” Subject Name Format 47
Appendix B: Federated Single Logout 48
ADFS as the Account Partner, Oracle Identity Federation as the Resource Partner 48
Account Partner–Initiated Logout 48
Resource Partner–Initiated Logout 48
Test Federated Logout—ADFS as the Account Partner, Oracle Identity Federation as the Resource Partner 49
Oracle Identity Federation as the Account Partner, ADFS as the Resource Partner 50
Account Partner–Initiated Logout 50
Resource Partner–Initiated Logout 50
Test Federated Logout—Oracle Identity Federation as the Account Partner, ADFS as the Resource Partner 50
Appendix C: Preformatted Access Links That Skip Home Realm Discovery 51
ADFS as the Account Partner; Oracle Identity Federation as the Resource Partner 51
Oracle Identity Federation as the Account Partner, ADFS as the Resource Partner 52