Guide to Configure Oracle Access Manager as an Identity Provider (IdP) and Drupal as Service Provider (SP)

Step 1: Obtain the IdP metadata for SP configuration

Step 2: Configuring Drupal as Service Provider (SP)

  • In the Drupal SAML SP module, go to the Service Provider Setup tab. There are three ways to configure the module:
    • By Uploading Oracle Access Manager Metadata File:

      • Click on Upload Metadata URL button.
      • Upload metadata file and click on Upload.

    • By Oracle Access Manager Metadata URL:

      • Click on Upload Metadata URL
      • Enter Metadata URL and click on Fetch Metadata (such as IdPmetadata.xml).

    • Manual Configuration:

      • Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) and save it.
      • Identity Provider Name: Enter your IdP name. For example: Oracle Access Manager (Any)
      • IdP Entity ID or Issuer: You can find the EntityID in your IdP metadata XML file, in the entityID attribute of the EntityDescriptor tag.
      • SAML Login URL: You can find the SAML Login URL in your IdP metadata XML file, in the SingleSignOnService tag.
      • X.509 Certificate: You can find the X.509 Certificate value in your IdP metadata file, in the X509Certificate tag.

Step 3: Obtain the SP metadata for IdP configuration:

  • To obtain the Drupal SP metadata you need to provide when configuring Oracle Access Manager Suite Federation as an IdP, perform the following steps:
    • Go to the Service Provider Metadata tab of the module, click on the metadata URL and save the metadata to a local file as spmetadata.xml (you can use any name).

Step 4: Enable Identity Federation in OAM Admin Console

  • Perform the following steps to enable Oracle Access Manager Federation:

    1) Go to the OAM Admin Console in a browser. The URL is of the form: https://adminhost:adminport/oamconsole

    2) Authenticate using OAM Admin user credentials.

    3) From the Launch Pad, navigate to: Configuration -> Available Services

    4) Enable Identity Federation.

Step 5: Configure the IDP, using Metadata from Drupal SP

  • To configure the IdP, perform the following steps:

    1) If necessary, copy the metadata file (spmetadata.xml) you obtained from the Drupal SP to the environment where you are configuring the IdP.

    2) Return to the browser page containing the OAM Console, where you enabled Federation.

    3) Authenticate again if necessary.

    4) Navigate to Launch Pad > Identity Federation > Identity Provider Administration

    5) Click on Create Service Provider Partner.

    6) Enter a name such as Drupal SP (you can enter any name).

    7) Ensure Enable Partner is selected.

    8) Select SAML 2.0 as the protocol (which is the default).

    9) Select Load from Provider Metadata, click Load the Metadata and upload the Drupal SP metadata (spmetadata.xml) that you copied from the Drupal SP UI.

    10) Specify the NameID Format Settings. What you specify depends on which attribute you use to define the user.

    • If you define the user by the email address, use Email Address as the format. Configure the settings as follows:

      a) Select Email Address as the Name ID format

      b) Select User ID Store Attribute as the Name ID Value

      c) Enter the User Attribute in the LDAP user record containing the user's email address. For example, if Oracle Internet Directory or Oracle Unified Directory is the User Data Store, the attribute is mail.

      d) Click on Save.

    11) Click on the Identity Provider Administration tab within the OAM Console and, under Search Service Provider Partners, click on Search to make sure you can view Drupal SP (or your SP name).

Step 6: Test federation SSO between OAM Identity federation and Drupal SP

  • To complete the testing, proceed as follows:
    • Return to the browser window of the Drupal SP containing the Service Provider Setup tab. Click on the Test Configuration button to test whether the configuration is successful.
    • To perform SSO, make sure the Enable Login with SAML option is enabled. This option is under the Service Provider Setup tab of the module.
