Search here...
Help Center
< All Topics
Posted

Setting up a SAML Application in Oracle

Prerequisites

Your Prolaborate site should have a valid SSL Certificate.

If you don’t have a SSL Certificate, you can create a self-signed certificate yourself. Please get in touch with Prolaborate team to know more about it.

Service Provider Configuration

To configure the Service Provider, click on Menu → SAML Settings.

From the top right of the page that opens, click on Enable SSO.

Enable SSO


Enable SSO
Enable SSO

Under Service Provider Configuration,

SP Configuration


SP Configuration
SP Configuration

  1. Name and Assertion Consumer URL will be prefilled. Note that these URLs will be used as ‘ Entity ID’ and ‘‘Audience URI (SP Entity ID)’’ in Oracle configuration respectively.
  2. Choose the .pfx file of your SSL certificate
  3. Enter the Password of the .pfx file

Configuring Prolaborate in Oracle

The following sections will elaborate the steps involved in setting up Prolaborate in Oracle.

Create a new SAML Application

To create a SAML application, follow the below steps:

  1. Log in your Oracle account as a user and Click on Admin console
Admin Console Login


Admin Console Login
Admin Console Login

2. Click on Add Application button

Add Application


Add Application
Add Application

3. In the Add Application window to click on SAML Application to create new application

Add Application


Add Application
Add Application

4. Add SAML Application page will appears.

App Details Tab

In the App Details section to provide values as per following instructions:

App Configuration 1


App Configuration 1
App Configuration 1

  1. In the Name field, enter your Application Name (say Prolaborate).
  2. In the Description field, enter fewer characters to provide a description of your Prolaborate.
  3. Click Upload to add an icon for your Prolaborate application.
  4. Application URL / Relay State field – You can leave these options.
  5. Click on Add to add App Links that are associated with the application. The Link window appears. 
Link


Link
Link

6. In the Link window to provide values for the following fields:

7. In the Name field, enter the App Link name.

8. In the Link field, enter the URL used to access the application.

9. Click Upload to upload an icon.

10. Select Visible check box if you want your application to appear automatically on each user’s My Apps page.

11. Click on Save.

12. In the Custom Login URL you can leaves this field blank.

13. In the Custom Error URL you can leaves this field blank

14. In the Linking callback you can leaves this field blank

Custom Login


Custom Login
Custom Login

15. In the Display Settings section to enable the User can request access and click on Next at top right side of the page

Display Settings


Display Settings
Display Settings

SSO Configuration Tab

Click on SSO Configuration Tab to define SSO attributes.

  1. In Step 1, General section of the SSO Configuration 
SSO Configuration


SSO Configuration
SSO Configuration

In the General section of the SSO Configuration page, define the following:

  1. Fill ‘Entity ID’ and ‘Assertion Consumer URL’ fields from Prolaborate Service Provider Configuration as stated above (In section Service provider Configuration).
  2. NameID Format: Select the type of format to use Email address. The service provider and the identity provider use this format to easily identify a subject during their communication.
  3. NameID Value: Select the NameID Value as Primary Email to identify the user that is logged in.
  4. Signing Certificate: Upload the .cer certificate file is used to encrypt the SAML assertion.

2. In Step 2, Advanced settings section of the SSO Configuration

Advanced Settings


Advanced Settings
Advanced Settings

Advanced Settings section of the SSO Configuration page, define the following:

  1. Signed SSO: Select Assertion and Response option from drop down list at Signed SSO field and Enable Include Signing Certificate in Signature .
  2. Enable Single Logout: Select to configure SAML single logout. Single logout enables a user to lot out of all participating sites in a federated session almost simultaneously. This check box is selected by default.
  3. Logout binding: Select log out request is sent as POST (transported in HTML form-control content, which uses a base-64 format). This list box appears only if you select the Enable Single Logout check box.
  4. Single Logout URL: Open the Identity Provider Metadata Xml file to copy the Single Logout Service URL with SP configuration like below image.
Logout SP


Logout SP
Logout SP

5. Logout Response URL: Enter the URL from Service Provider Name field of your Prolaborate with this URL ?/SAML/SLOService.aspx.

3. In Step 3, Attribute Configuration section of the SSO Configuration

  1. Attribute Configuration: Expand Attribute Configuration on the SSO Configuration page to add user-specific and group-specific attributes to the SAML assertion. Click on plus(+) symbol to add the attributes.
    1. Attribute Configuration should be configured as below:
Attribute Name Value
firstname First Name
lastname Last Name
username User Name
email Primary Email
Attribute Configuration


Attribute Configuration
Attribute Configuration

2. Enter the Attribute Configuration details and Click on Save.

4. In Step 4, Download the certificate file 

Download Certificate


Download Certificate
Download Certificate

  1. Download Identity Provider Metadata: Click on Download Identity Provider Metadata to download the metadata file in XML format.
  2. Download Signing Certificate: Click on Download Signing Certificate to download the certificate file in PEM format.
  3. Click on Activate to activate the Prolaborate application. 
Activate Application


Activate Application
Activate Application

4. In Activate Application window appear and click on Activate Application.

Users Tab

Click on Users tab in your Oracle Account to assign the user

  1. Click on Assign Users button.
Assign User


Assign User
Assign User

2. Select the users to whom to give access to Prolaborate and Click Ok.

Assign User


Assign User
Assign User

3. The users whom we have selected will now show up in Users tab. 

User List


User List
User List

Identity Provider Configuration

Go back to Prolaborate, click on Menu → SAML Settings.

IDP Configuration


IDP Configuration
IDP Configuration

Fill the Identity Provider Configuration as per the instructions below:

  1. Select your Identity Provider as Others.
  2. Fill Name using Identity Provider Entity id availed from from Identity Provider Metadata Xml file (Refer to section SSO Configuration tab).
IDP Name Field


IDP Name Field
IDP Name Field

3.Fill Sign In URL using Your SAML application link address at Oracle as per instruction below.

  1. Open Prolaborate application in an Oracle user account and copy the application link address then paste to Sign in URL field in your Prolaborate Identity provider configuration.
  2. Click on My Apps to log in your Oracle account as a user with User Sign in URL. 
User Login


User Login
User Login

3. Click on Add.

Add App


Add App
Add App

4. Select Application and Click on Add (+) symbol to your Prolaborate application.

Add Prolaborate


Add Prolaborate
Add Prolaborate

5. Give justification as Prolaborate and click on OK.

Justification


Justification
Justification

6. Copy your Prolaborate application link address. 

Sign In


Sign In
Sign In

7. Paste the URL to Identity Provider Configuration Sign in URL field of your Prolaborate Identity Provider configuration.

4. Fill Sign Out URL using Identity Provider Single Logout Service availed from from Identity Provider Metadata Xml file (Refer to section SSO Configuration tab).

Sign Out IPD


Sign Out IPD
Sign Out IPD

5. Choose the converted .cer Certificate file from Oracle Configuration (Refer to section SSO Configuration tab). If you don’t know how to convert it, then follow the below instructions.

  1. Open ssl.exe (32bit) and run a below query in openssl command prompt.
  2. The .pem file placed at open ssl bin folder.
  3. openssl x509 -outform der -in your-cert.pem -out your-cert.crt. 
Open SSl


Open SSl
Open SSl

4. The Converted file to be saved at same open ssl bin folder.

Enter the Identity Configuration fields in your Prolaborate SAML Settings and Click on Save.

Default Access Control Profile

Click on Manage Profiles to create a new profile.

Click on Create Profile.

Access Control Profile


Access Control Profile
Access Control Profile

Give a Name to the Profile and configure permissions.

This is the permission that will be provided to all the users logging into Prolaborate using their SSO credentials.

You can choose any one of the following options:

  1. Give access to all repositories – Any user logging with their SSO credentials will be given access to all repositories
  2. Specify access – Any user logging with their SSO credentials will be added to the user groups you have specified after selecting the repositories

Click Save.

Now, go back to SAML Settings page.

Select the newly created profile and click Save.

Log in with oracle Credentials

Once the configuration is done, your users will start to see a new button on the login page called Login with SSO .

When they click on Login with SSO,

Login with SSO


Login with SSO
Login with SSO

They will be redirected to an URL as per configuration. They can then give their Oracle credentials to login to Prolaborate.

Oracle Login


Oracle Login
Oracle Login

You will be redirected to Prolaborate successfully if the configuration is done right as said in the document.

Note the Repositories you see will be based on Default Access Control Profile

Repositories


Repositories
Repositories

Logging out from Prolaborate

When a user initiates a logout, the user will be logged out from all applications in the current Identity provider login session.

sparxsystems-logo-inverted

Africa
Asia
Europe
Middle East
North America
Oceania
South America

Follow Us On

Start Here
Solutions
Customers
Resources
© Copyright 2024 | All Rights Reserved
Sparx Systems | EULA | Privacy Policy | Compliance and Trust
Book a Demo