1.4 Setting Single Sign on

Figure 1-13 Setting Single Sign on



You can specify the following details in this screen:

Table 1-5 Single Sign on

Field Description
SSO Required Select this check box to enable single sign-on (SSO). If you select this check box, you need to enter the SSO Key.
SSO Type This is disabled until the SSO Required check box is selected. By default, DEFAULT is selected; however, you can change it. Specify the SSO Type from the following list:
  • DEFAULT
  • TOKEN
  • SAML
  • IDCS Token
  • DEFAULT - This is the default scenario. The external SSO system must send the SSO user ID that is mapped to the application user ID in the parameter named by SSO_KEY. For example, if the SSO_KEY maintained is DN and the SSO user ID is fcubsuser@oracle.com, the SSO system must send fcubsuser@oracle.com in the DN parameter of every request to the application. The SSO user ID must be maintained in the LDAP_USER field of the User Maintenance screen (SSDUSRDF); refer to section 2.10 of the Common Core Security Management System User Guide. Because the application trusts the user ID carried in the SSO_KEY parameter, this option depends on the deployment ensuring that the parameter can only be set by the external SSO system and never by the client directly.
  • TOKEN - Select this option if a custom implementation is required for SSO authentication in the application. With this option, AuthenticateCustomToken.class is invoked when the application login is performed, and the custom SSO/SAML validation must be implemented in that class. Refer to INFRA\FCJNeoWeb\war\WEBINF\classes\com\ofss\infra\sso\AuthenticateCustomToken.class for the method details. Note: Configuration details for the external SSO system are not provided as part of the application documentation; check them with the respective SSO provider.
  • SAML - Select this option if SSO with SAML authentication is required. When SAML is selected, the SAML details table below is enabled; enter the Certificate Path, password, alias and valid audience. The external system must send the SAML request XML in the SSO_KEY parameter. The application validates the SAML signature using the certificate at the Certificate Path and its password, and the SAML Audience value configured here must match the audience in the SAML request sent to the application. Note: After successful SAML validation, the application logs you in with the user ID sent in the SAML request, so that user ID must be maintained in the LDAP_USER field of the User Maintenance screen (SSDUSRDF); refer to section 2.10 of the Common Core Security Management System User Guide.
  • IDCS Token - Select this option if Oracle Identity Cloud Service (IDCS) is used as the Identity and Access Management system in cloud deployments.
SSO Signoff Configurations This section details the options available for SSO signoff when the user logs off from the application.
Select the SSO signoff check box to enable the fields below.
  1. SSO_SIGNOFF_URL: The external SSO logout URL that the application invokes after application logoff. Example: “https:///oam/server/logout”
  2. SSO_SIGNOFF_POST_RD_URL: Applicable only if IDCS is used as the IAM system. The URL or context path to navigate to after SSO signoff. Example: “/FCJNeoWeb”
  3. SSO_REQ_PARAM_KEYS: Applicable only if IDCS is used as the IAM system. The keys required for IDCS token validation, specified as a comma-separated list. Example: “idcs_service_url,idcs_remote_user,idcs_user_assertion”

Note:

The application only invokes the configured SSO logout URL when the user logs off from the application. It performs no other action for SSO logout, so terminating the session at the SSO provider depends entirely on what that URL does.
SSO KEY Specify the SSO key. If you have selected the SSO Required check box, the SSO key is mandatory. By default the value is DN.

If you select the SSO Required check box, the Installer skips the following two screens and navigates directly to the SSL screen shown later in this manual.

If you do not select the SSO Required check box, clicking Next displays the screen for enabling SSL options.
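The SAML option above leaves two checks to the application beyond the signature: the audience in the assertion must match the configured valid audience, and the assertion must be within its validity window, after which the asserted user ID is looked up in LDAP_USER. The following is an added example, not FLEXCUBE code, showing those checks and the LDAP_USER lookup over a constructed assertion. Signature verification against the configured certificate is not performed here (the application must do that first); the code only refuses assertions with no Signature element. The IdP URL, the audience https://fcubs.example.com/FCJNeoWeb, the USER_TABLE mapping and the function names are assumptions for the example.

```python
"""Audience, validity-window and user-mapping checks on a SAML 2.0 assertion
delivered in the SSO_KEY parameter. Added example; not product code."""
import xml.etree.ElementTree as ET  # for untrusted XML in production prefer defusedxml
from datetime import datetime, timedelta

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Assumed value of the installer's 'valid audience' field.
AUDIENCE = "https://fcubs.example.com/FCJNeoWeb"

# Constructed sample response (hypothetical IdP URL). The SignatureValue is a
# placeholder: this example does NOT verify XML signatures, the application does.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_response1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
  <saml:Assertion ID="_assertion1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
    <ds:Signature><ds:SignatureValue>c2lnbmF0dXJlLXBsYWNlaG9sZGVy</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>fcubsuser@oracle.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://fcubs.example.com/FCJNeoWeb</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Constructed stand-in for User Maintenance (SSDUSRDF): LDAP_USER -> application user ID.
USER_TABLE = {"fcubsuser@oracle.com": "FCUBSUSER"}


def parse_saml_time(value):
    """xs:dateTime with a 'Z' or numeric offset -> aware datetime."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        raise ValueError("SAML timestamps must carry a time zone")
    return parsed


def check_assertion(xml_text, valid_audience, now, clock_skew=timedelta(seconds=60)):
    """Return (True, name_id) when the assertion is acceptable, else (False, reason).
    `now` may be an aware datetime or an xs:dateTime string."""
    if isinstance(now, str):
        now = parse_saml_time(now)
    root = ET.fromstring(xml_text)
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        return False, "expected exactly one Assertion"
    assertion = assertions[0]
    # An enveloped signature is a direct child of the Assertion; verifying it is the
    # application's job, but an assertion without one must never reach the user lookup.
    if assertion.find("ds:Signature", NS) is None:
        return False, "assertion is not signed"
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        return False, "missing Conditions"
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before is None or not_on_or_after is None:
        return False, "Conditions lacks NotBefore/NotOnOrAfter"
    if now + clock_skew < parse_saml_time(not_before):
        return False, "assertion not yet valid"
    if now - clock_skew >= parse_saml_time(not_on_or_after):
        return False, "assertion expired"
    # Audience restriction: an assertion minted for another service provider is rejected,
    # which is what the installer's 'valid audience' setting exists for.
    audiences = [a.text.strip() for a in
                 conditions.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if valid_audience not in audiences:
        return False, "audience mismatch"
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id or not name_id.strip():
        return False, "missing NameID"
    return True, name_id.strip()


def login_from_saml(xml_text, valid_audience, now):
    """Return the application user ID to log in as, or None if the assertion is rejected
    or its NameID is not maintained in LDAP_USER."""
    ok, value = check_assertion(xml_text, valid_audience, now)
    if not ok:
        return None
    return USER_TABLE.get(value)


if __name__ == "__main__":
    print(login_from_saml(SAMPLE_RESPONSE, AUDIENCE, "2024-05-01T10:01:00Z"))
```

The 60-second clock skew is a deliberate allowance for IdP and application clocks drifting; widen it only as far as the deployment needs, since every second of skew extends how long a captured assertion can be replayed.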
External Password Required Select this check box to allow user login with the MSAD/LDAP password irrespective of the user ID. If you select it, the user ID can be either the MSAD/LDAP user ID or the FCUBS user ID, but the password must be the MSAD/LDAP server password.

If LDAP is selected, the LDAP table is enabled. Enter the LDAP server URL, whether SSL is enabled, the security authentication type, the domain name, and the LDAP server timeout.

By default, this check box is deselected. However, you can change this.
External User Login Required Select this check box to enable user login with the MSAD/LDAP user ID. If you select it, the user can log in with the MSAD/LDAP server user ID as well as with the FCUBS user ID.

If you do not select this check box, the user can log in with the FCUBS user ID only.

By default, this check box is deselected. However, you can change this.

Note:

Authentication Type is enabled if either of the above check boxes is selected.
Authentication Type Select the authentication type from the adjoining drop-down list. This is the type of external server used for authentication. This option is enabled only when the External Password Required check box is selected. You can select one of the following options:
  • MSAD (Microsoft Active Directory)
  • LDAP (Lightweight Directory Access Protocol)
By default, MSAD is selected. However, you can change it.
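With External Password Required, the user's password is checked by a bind against the MSAD/LDAP server named in the LDAP table. The following is an added example, not FLEXCUBE or WebLogic code, that encodes an LDAPv3 simple-bind request, decodes the server's result code, and refuses two settings that silently weaken that check: an empty password, which RFC 4513 defines as an unauthenticated bind that most directories accept as success, and a cleartext ldap:// URL with SSL disabled, which sends the password in clear. The bind DN, host names, and the assumption that the installer's "SSL enabled" flag means the connection is protected by TLS are all example assumptions, not taken from the page.

```python
"""LDAPv3 simple bind with the two guard rails a password check needs.
Added example; not product code. Stdlib only: a minimal BER encoder/decoder."""
from urllib.parse import urlsplit

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49


def ber_length(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """One BER element: tag, length, content."""
    return bytes([tag]) + ber_length(len(content)) + content


def ber_integer(value):
    """Non-negative INTEGER in minimal two's-complement form (leading 0x00 when the
    high bit would otherwise read as a sign bit)."""
    if value < 0:
        raise ValueError("only non-negative integers are used here")
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    return tlv(0x02, body)


def read_tlv(buf, pos):
    """Decode one element at pos; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def simple_bind_request(message_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] password } }.
    MSAD also accepts user@domain as the name; OpenLDAP wants a full DN."""
    if not password:
        # RFC 4513 5.1.2: a name with an empty password is an *unauthenticated* bind,
        # which servers report as success without checking anything.
        raise ValueError("empty password would be an unauthenticated bind")
    bind_request = (ber_integer(3)
                    + tlv(0x04, bind_dn.encode("utf-8"))      # name: OCTET STRING
                    + tlv(0x80, password.encode("utf-8")))    # simple: [0] OCTET STRING
    protocol_op = tlv(0x60, bind_request)                     # [APPLICATION 0] BindRequest
    return tlv(0x30, ber_integer(message_id) + protocol_op)   # LDAPMessage SEQUENCE


def bind_result_code(response):
    """Extract resultCode from LDAPMessage { messageID, BindResponse [APPLICATION 1] }."""
    tag, body, _ = read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body, 0)                 # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(op, 0)                # resultCode ENUMERATED (tag 0x0a)
    if tag != 0x0A:
        raise ValueError("malformed BindResponse")
    return int.from_bytes(code, "big")


def password_sent_in_clear(ldap_url, ssl_enabled):
    """True when a simple bind over this configuration would expose the password.
    Assumes the installer's SSL flag means the ldap:// connection is TLS-protected."""
    scheme = urlsplit(ldap_url).scheme.lower()
    if scheme == "ldaps":
        return False
    if scheme != "ldap":
        raise ValueError("unsupported LDAP URL scheme: " + scheme)
    return not ssl_enabled


# Constructed BindResponse bytes for messageID 1, as a server would return them.
BIND_RESPONSE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
BIND_RESPONSE_INVALID_CREDENTIALS = bytes.fromhex("300c02010161070a013104000400")


if __name__ == "__main__":
    url = "ldap://dc01.example.com:389"
    if password_sent_in_clear(url, ssl_enabled=False):
        print("refusing to bind: password would cross the network in clear")
    req = simple_bind_request(1, "cn=admin,dc=example,dc=com", "secret")
    print(req.hex())
    print("server said:", bind_result_code(BIND_RESPONSE_SUCCESS))
```

A client library normally does all of this, but the two guards are the point: reject an empty password before any bytes are sent, and reject an ldap:// URL unless TLS is actually in force, because the directory cannot tell a deliberately unauthenticated bind from a forgotten password field and will answer success to both.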

Specify the following details.

Platform Security If the Platform Security box is checked for WebLogic, the symmetric key is not stored in the property file, so reading the file does not expose the key. If the Platform Security box is unchecked, the symmetric key is written to the property file and a warning message is displayed to the user.
SMS Security Key This field captures the security key value when the Platform Security check box is checked.
SSL Enabled SSL Enabled is selected by default.

Click Next and the next screen gets displayed.