Oracle Identity Federation – Configuration Settings and Provider Metadata

Configuration settings and the provider metadata that the server generates are related: some settings have no effect on the metadata, while others change it. For example, changing the Session Timeout value does not affect the metadata, but changing the SOAP port changes an endpoint published in it, so the administrator must re-publish the metadata to the other trusted providers. The same applies to the signing and encryption keystores, because the metadata carries the corresponding certificates: until a peer imports the updated metadata, it keeps validating signatures and encrypting against the old keys. Likewise, the administrator must watch for changes to peer providers' metadata and re-import it when it changes.

Here is a list of properties that affect metadata:

  • Metadata Properties
    • Signing Metadata
    • Validity Period
  • Server Properties
    • Server Hostname
    • Server Port
    • SOAP Port
    • IdP Enabled
    • SP Enabled
    • SSL Enabled
    • Signing PKCS #12/JKS Keystore
    • Encryption PKCS #12/JKS Keystore
  • Common IdP Properties
    • ProviderID
    • SAML 2.0 Enabled
  • Common SP Properties
    • ProviderID
    • SAML 2.0 Enabled
    • Enable Attribute Requester Service
  • SAML 2.0 IdP Properties
    • Enable Protocol Profiles
    • Federation Termination Enabled
    • Register NameID Enabled
    • Attribute Responder Enabled
  • SAML 2.0 SP Properties
    • Enable Protocol Profiles
    • Federation Termination Enabled
    • Register NameID Enabled

The metadata URLs for the various protocols are in this format:

  • IdP metadata URL – http(s)://hostname:port/fed/idp/metadata?version=version
  • SP metadata URL – http(s)://hostname:port/fed/sp/metadata?version=version

where version can be saml20, saml11, saml10, lib11, or lib12.
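The following is an added example, not code from the Oracle Identity Federation product or its documentation. It builds metadata URLs in the format given above (rejecting unknown version tokens and roles), and then does the check a federation administrator wants after one of the metadata-affecting properties listed earlier changes: it summarizes the entityID, protocol endpoints and certificate fingerprints from a SAML 2.0 metadata document and reports which of them differ between a previously exchanged copy and a freshly published one. The two metadata documents and the certificate values are constructed placeholders for illustration (the "certificates" are base64 of arbitrary bytes, not real DER); the element names are the standard SAML 2.0 metadata ones, but the hostnames, ports and entityIDs are assumed.

```python
"""Build OIF metadata URLs and diff two published SAML 2.0 metadata documents."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Version tokens accepted by the metadata URL, per the page.
VERSIONS = {"saml20", "saml11", "saml10", "lib11", "lib12"}


def metadata_url(hostname, port, role, version, ssl=True):
    """Return http(s)://hostname:port/fed/<idp|sp>/metadata?version=<version>."""
    if role not in ("idp", "sp"):
        raise ValueError("role must be 'idp' or 'sp'")
    if version not in VERSIONS:
        raise ValueError(f"unknown metadata version {version!r}")
    scheme = "https" if ssl else "http"
    return f"{scheme}://{hostname}:{port}/fed/{role}/metadata?version={version}"


def cert_fingerprint(b64der):
    """SHA-256 over the decoded certificate bytes (whitespace in the PEM body ignored)."""
    der = base64.b64decode("".join(b64der.split()))
    return hashlib.sha256(der).hexdigest()


def summarize_metadata(xml_text):
    """Extract the fields peers depend on: entityID, endpoints, key fingerprints."""
    root = ET.fromstring(xml_text)
    summary = {"entityID": root.get("entityID"), "endpoints": {}, "certs": {}}
    # Every SAML metadata endpoint element carries Binding and Location attributes.
    for elem in root.iter():
        if elem.get("Location") and elem.get("Binding"):
            tag = elem.tag.rsplit("}", 1)[-1]
            binding = elem.get("Binding").rsplit(":", 1)[-1]
            summary["endpoints"][f"{tag}/{binding}"] = elem.get("Location")
    for kd in root.iter(f"{{{NS['md']}}}KeyDescriptor"):
        use = kd.get("use", "signing+encryption")  # no 'use' means both
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            summary["certs"][use] = cert_fingerprint(cert.text)
    return summary


def diff_metadata(old_xml, new_xml):
    """List the changes a trusted peer must act on (re-import) between two copies."""
    old, new = summarize_metadata(old_xml), summarize_metadata(new_xml)
    changes = []
    if old["entityID"] != new["entityID"]:
        changes.append(f"entityID changed: {old['entityID']} -> {new['entityID']}")
    for section in ("endpoints", "certs"):
        for key in sorted(set(old[section]) | set(new[section])):
            before, after = old[section].get(key), new[section].get(key)
            if before != after:
                changes.append(f"{section}[{key}]: {before} -> {after}")
    return changes


# --- Constructed sample data (placeholders, not real certificates) -------------
CERT_V1 = base64.b64encode(b"constructed placeholder, not a real certificate v1").decode()
CERT_V2 = base64.b64encode(b"constructed placeholder, not a real certificate v2").decode()


def make_metadata(cert_b64, soap_port):
    """Build a minimal, constructed IdP metadata document for the example."""
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/fed/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{cert_b64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.com:{soap_port}/fed/idp/soap" index="0"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/fed/idp/samlv20"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


# The copy a peer imported earlier, and the copy published after the SOAP port
# and the signing keystore were changed (both are metadata-affecting properties).
OLD_METADATA = make_metadata(CERT_V1, 7777)
NEW_METADATA = make_metadata(CERT_V2, 7778)

if __name__ == "__main__":
    print(metadata_url("idp.example.com", 7777, "idp", "saml20"))
    for change in diff_metadata(OLD_METADATA, NEW_METADATA):
        print(change)
```

Run against a real deployment, the two inputs would be the metadata copy a peer holds and the document fetched from the IdP or SP metadata URL; any reported difference means the peers must re-import before federation traffic will continue to validate.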
