12 Setting Up Single Sign-On for Pricing Design Center

Learn how to set up a single sign-on (SSO) login method for Oracle Communications Pricing Design Center (PDC) using SAML.

SSO allows you to log in to applications using a single user name and password combination. You set up SSO for PDC by using SAML 2.0.

You can configure SAML authentication in a PDC domain using an Oracle Access Management service provider or an Oracle Identity Cloud Service (IDCS) service provider.

To implement SSO for PDC:

  1. Create a SAML authentication or identity assertion provider. See "Creating a SAML Authentication or Identity Assertion Provider".

  2. Create a SAML2 web single sign-on identity provider partner. See "Creating a SAML2 Web Single Sign-On Identity Provider Partner".

  3. Create a SAML authenticator. See "Creating a SAML Authenticator".

  4. Configure SAML2 on the administration server. See "Configuring SAML2 on the Administration Server".

  5. Generate a metadata file and publish it to all SAML identity providers. See "Publishing the Service Provider Metadata".

  6. Update the PDC deployment plan. See "Updating the Deployment Plan for PDC".

Creating a SAML Authentication or Identity Assertion Provider

The SAML assertion provider validates a client's identity by mapping a client-supplied token to a user name.

To create a SAML authentication or identity assertion provider:

  1. Log in to WebLogic Server Remote Console.

  2. Click Edit Tree, then Security, and then Realms.

    The Summary of Security Realms page appears.

  3. Click the myrealm link.

    The myrealm configuration page appears.

  4. Click Authentication Providers in the tree on the left side.

    A page with an Authentication Providers table appears.

  5. Click New.

    The Create a New Authentication Provider page appears.

  6. In the Name field, enter samlPDC.

  7. From the Type list, select SAML2IdentityAsserter.

  8. Click Create.

  9. Restart WebLogic Server.

Creating a SAML2 Web Single Sign-On Identity Provider Partner

To create a SAML2 web single sign-on identity provider partner:

  1. Log in to WebLogic Server Remote Console.

  2. Click Security Data Tree and then Realms.

    The Summary of Security Realms page appears.

  3. Click the myrealm link.

    The myrealm configuration page appears.

  4. Click Authentication Providers in the tree on the left side.

    A page with an Authentication Providers table appears.

  5. In the table, select samlPDC.

    The configuration page for samlPDC appears.

  6. Click Partners in the tree on the left side.

  7. Click New.

    The Create a new Identity Provider Partner page appears.

  8. In the Name field, enter WebSSO-IdP-Partner-1.

  9. From the Type list, select Web Single Sign-On Identity Partner.

  10. In the Meta Data File Name field, enter the name and the path to the XML file that contains the identity provider’s metadata.

  11. Click Create.

  12. Click WebSSO-IdP-Partner-1 in the tree on the left side.

  13. Click the General tab.

  14. In the General tab, turn on Enabled, Virtual User, and Process Attributes.

  15. In Redirect URIs, enter /pdc/*.

  16. Click Save.

Creating a SAML Authenticator

The SAML authenticator verifies the identity of users or system processes, and makes identity information available to PDC when that information is needed.

To create a SAML authenticator:

  1. Log in to WebLogic Server Remote Console.

  2. Click Edit Tree, then Security, and then Realms.

    The Summary of Security Realms page appears.

  3. Click the myrealm link.

    The myrealm configuration page appears.

  4. Click Authentication Providers in the tree on the left side.

    A page with an Authentication Providers table appears.

  5. Click New.

  6. In the Name field, enter samlPDCAuth.

  7. From the Type list, select SAMLAuthenticator.

  8. From the Control Flag list, select SUFFICIENT.

  9. Click Create.

  10. In the Authentication Providers table, click the DefaultAuthenticator, and change the Control Flag to SUFFICIENT.

  11. Click Save.

  12. In the Authentication Provider table, arrange the providers in the following order using the Move Down and Move Up buttons.

    • samlPDCAuth

    • samlPDC

    • DefaultAuthenticator

    • DefaultIdentityAsserter

    • Trust Service Identity Asserter

  13. Restart WebLogic Server.

Configuring SAML2 on the Administration Server

To configure SAML 2.0 on the administration server:

  1. Log in to WebLogic Server Remote Console.

  2. Click Edit Tree, then Environment, and then Servers.

    The Summary of Servers page appears.

  3. In the Servers table, click the administration server.

    A page containing settings for the administration server appears.

  4. Click the Security subtab, and then the SAML 2.0 General subtab.

  5. In the Published Site URL field, enter http://pdc_hostname:port/saml2.

    where:

    • pdc_hostname is the PDC application host.

    • port is the port on which PDC is listening.

  6. In the Entity ID field, enter samlPDC.

  7. Click Save.

  8. Click the SAML 2.0 Service Provider subtab.

  9. Turn on Enabled.

  10. Turn on POST Binding Enabled.

  11. From the Preferred Binding list, select HTTP/POST.

  12. In the Default URL field, enter http://pdc_hostname:port/pdc/faces/oracle/communications/brm/pdc/ui/pages/login.jspx.

    where:

    • pdc_hostname is the PDC application host.

    • port is the port on which PDC is listening.

  13. Click Save.

  14. Restart WebLogic Server.

Publishing the Service Provider Metadata

To publish the service provider metadata:

  1. Log in to WebLogic Server Remote Console.

  2. Click Monitoring Tree, then Environment, and then Servers.

    The Summary of Servers page appears.

  3. In the Servers table, click the administration server.

    A page containing settings for the administration server appears.

  4. Click SAML 2.0 subtab.

  5. Click Publish metadata.

  6. In the File Name field, enter the full path and the name of the file.

  7. Click Done.

Updating the Deployment Plan for PDC

To update your deployment plan for PDC:

  1. Create a new plan.xml file with the PDC deployment plan, or edit your existing plan.xml file.

  2. In the file, add a logoutUrl variable set to your identity provider (IDP) logout URL:

    <variable-definition>
       <variable>
          <name>logoutUrl</name>
          <value>IDP_LOGOUT_URL</value>
       </variable>
    </variable-definition>

  3. Add the following module-override element:

    <module-override>
       <module-name>BPA.war</module-name>
       <module-type>war</module-type>
       <module-descriptor external="false">
          <root-element>web-app</root-element>
          <uri>WEB-INF/web.xml</uri>
          <variable-assignment>
             <name>logoutUrl</name>
             <xpath>/web-app/context-param/[param-name="loginURL"]/param-value</xpath>
             <operation>replace</operation>
          </variable-assignment>
       </module-descriptor>
    </module-override>

  4. Save and close your plan.xml file.

  5. Redeploy the PDC application with your new plan.xml file.
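The following added example (not part of this guide or the PDC product) assembles the two fragments above into a complete plan.xml and runs a pre-deployment check on it: every variable-assignment must reference a defined variable, the xpath must use the WebLogic param-name predicate form, and the IDP_LOGOUT_URL placeholder must actually have been replaced. The deployment-plan root element and application-name PDC are assumptions; the page shows only the inner fragments.

```python
import xml.etree.ElementTree as ET

# Constructed sample plan: the page's two fragments wrapped in a deployment-plan
# root (root element and application-name are assumptions, not from the guide).
PLAN_XML = """<?xml version="1.0" encoding="UTF-8"?>
<deployment-plan xmlns="http://xmlns.oracle.com/weblogic/deployment-plan">
  <application-name>PDC</application-name>
  <variable-definition>
    <variable>
      <name>logoutUrl</name>
      <value>IDP_LOGOUT_URL</value>
    </variable>
  </variable-definition>
  <module-override>
    <module-name>BPA.war</module-name>
    <module-type>war</module-type>
    <module-descriptor external="false">
      <root-element>web-app</root-element>
      <uri>WEB-INF/web.xml</uri>
      <variable-assignment>
        <name>logoutUrl</name>
        <xpath>/web-app/context-param/[param-name="loginURL"]/param-value</xpath>
        <operation>replace</operation>
      </variable-assignment>
    </module-descriptor>
  </module-override>
</deployment-plan>
"""

NS = {"p": "http://xmlns.oracle.com/weblogic/deployment-plan"}
PLACEHOLDER = "IDP_LOGOUT_URL"  # the value the guide tells you to replace


def check_plan(plan_xml: str) -> list[str]:
    """Return the problems found in a PDC deployment plan (empty list = ready to deploy)."""
    problems = []
    root = ET.fromstring(plan_xml)
    # Collect every variable defined in <variable-definition>, name -> value.
    defined = {v.findtext("p:name", namespaces=NS): v.findtext("p:value", namespaces=NS)
               for v in root.iterfind("p:variable-definition/p:variable", NS)}
    for name, value in defined.items():
        if not value or PLACEHOLDER in value:
            problems.append(f"variable {name!r} still holds the placeholder or is empty")
    # Every assignment must point at a defined variable and select the
    # context-param by param-name, which is the predicate form WebLogic expects.
    for a in root.iterfind(".//p:variable-assignment", NS):
        name = a.findtext("p:name", namespaces=NS)
        xpath = a.findtext("p:xpath", namespaces=NS) or ""
        if name not in defined:
            problems.append(f"assignment references undefined variable {name!r}")
        if "/context-param/[param-name=" not in xpath:
            problems.append(f"xpath for {name!r} does not select a context-param: {xpath}")
    return problems
```

Run check_plan on your real plan.xml before redeploying; a non-empty list means the redirect after logout would still point at the placeholder or at nothing at all.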

For more information about updating and deploying your deployment plan, see the "Create and Use a Deployment Plan in Oracle WebLogic Server" tutorial.