
Thursday, 5 June 2025

SAML - Security Assertion Markup Language


SAML (Security Assertion Markup Language) is an open standard used for Single Sign-On (SSO) and federated identity.

In the Oracle ecosystem, SAML is commonly used to enable users to authenticate once and gain access to multiple Oracle and non-Oracle applications securely.


🔐 What is SAML?

SAML is an XML-based protocol used for exchanging authentication and authorization data between:

  • Identity Provider (IdP) – e.g., Azure AD, Okta, Oracle Identity Cloud Service (IDCS)

  • Service Provider (SP) – e.g., Oracle Fusion Applications, Oracle Analytics Cloud, Oracle E-Business Suite




🧱 SAML in Oracle – Where It's Used

Oracle Product                              | Role in SAML | Example
Oracle Identity Cloud Service (IDCS)        | IdP          | Acts as IdP for SaaS and 3rd-party apps
Oracle Access Manager (OAM)                 | IdP/SP       | Enables SSO across Oracle and custom apps
Oracle E-Business Suite                     | SP           | Integrates with external IdP for SSO
Oracle Cloud Infrastructure (OCI) Console   | SP           | Uses federated login via SAML to external IdP
Oracle Fusion Applications (ERP, HCM, etc.) | SP           | Supports SAML federation with customer IdPs


🔄 How SAML SSO Works in Oracle

  1. User accesses Oracle application (e.g., Fusion, EBS, OCI Console).

  2. Oracle application redirects the user to the configured IdP.

  3. User authenticates at IdP (e.g., IDCS, Azure AD).

  4. IdP sends a SAML assertion (XML token) back to the Oracle app.

  5. The Oracle app verifies the assertion and grants access.


🔧 Key Components in Oracle SAML Setup

  • Metadata XML: Exchanged between IdP and SP to configure trust

  • Assertion Consumer Service (ACS) URL: Where SP receives the assertion

  • Entity ID: Unique ID of SP or IdP

  • NameID Format: Typically Email, UPN, or Username
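The following is an added example, not code from this post or from any Oracle product. It ties the components above (metadata XML, ACS URL, Entity ID, NameID format) to step 5 of the SSO flow: reading the IdP's metadata to learn its Entity ID, SSO URL and NameID format, then running the checks an SP must apply to a received assertion (issuer, validity window, audience restriction, ACS recipient, InResponseTo, NameID). The hostnames, the metadata document and the assertion are constructed samples. It deliberately assumes the XML signature has already been verified by a proper XML-DSig library; these are the checks that come after signature verification and that must not be skipped.

```python
# Added example (not from the post): post-signature SP-side SAML checks
# plus parsing of IdP metadata, using only the Python standard library.
# Assumes XML-DSig signature verification was already done by a real library.
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample IdP metadata (hypothetical hostnames).
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample assertion as the IdP would return in step 4 (signature omitted).
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2025-06-05T10:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"
          NotOnOrAfter="2025-06-05T10:05:00Z" InResponseTo="_req1"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2025-06-05T09:59:00Z" NotOnOrAfter="2025-06-05T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

SP_ENTITY_ID = "https://sp.example.com/metadata"   # our own Entity ID (hypothetical)
ACS_URL = "https://sp.example.com/acs"              # our ACS URL (hypothetical)
NOW_OK = datetime(2025, 6, 5, 10, 1, tzinfo=timezone.utc)    # inside the validity window
NOW_LATE = datetime(2025, 6, 5, 10, 10, tzinfo=timezone.utc)  # after NotOnOrAfter


@dataclass
class IdpConfig:
    entity_id: str
    sso_url: str
    name_id_format: str


def parse_idp_metadata(xml_text: str) -> IdpConfig:
    """Extract the trust parameters an SP needs from IdP metadata XML."""
    root = ET.fromstring(xml_text)
    desc = root.find("md:IDPSSODescriptor", NS)
    return IdpConfig(
        entity_id=root.get("entityID"),
        sso_url=desc.find("md:SingleSignOnService", NS).get("Location"),
        name_id_format=desc.find("md:NameIDFormat", NS).text.strip(),
    )


def _ts(value: str) -> datetime:
    # SAML timestamps are UTC ISO 8601 ending in "Z"; older Pythons need "+00:00".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text, idp, sp_entity_id, acs_url, now,
                       request_id=None, skew=timedelta(seconds=60)):
    """Return a list of failure reasons; an empty list means the assertion is acceptable."""
    a = ET.fromstring(xml_text)
    problems = []
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != idp.entity_id:
        problems.append("issuer is not the configured IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and _ts(nb) > now + skew:
            problems.append("assertion not yet valid")
        if na and _ts(na) <= now - skew:          # NotOnOrAfter is exclusive
            problems.append("assertion expired")
        audiences = [e.text.strip() for e in
                     cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
        if sp_entity_id not in audiences:
            problems.append("audience does not include this SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        problems.append("no SubjectConfirmationData")
    else:
        if scd.get("Recipient") != acs_url:
            problems.append("Recipient is not our ACS URL")
        if scd.get("NotOnOrAfter") and _ts(scd.get("NotOnOrAfter")) <= now - skew:
            problems.append("subject confirmation expired")
        if request_id is not None and scd.get("InResponseTo") != request_id:
            problems.append("InResponseTo does not match our AuthnRequest")
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    elif name_id.get("Format") != idp.name_id_format:
        problems.append("unexpected NameID format")
    return problems


if __name__ == "__main__":
    idp = parse_idp_metadata(IDP_METADATA)
    print(idp)
    print("fresh:", validate_assertion(ASSERTION, idp, SP_ENTITY_ID, ACS_URL, NOW_OK, "_req1"))
    print("late: ", validate_assertion(ASSERTION, idp, SP_ENTITY_ID, ACS_URL, NOW_LATE, "_req1"))
```

The audience and Recipient checks are what stop an assertion issued for one Oracle SP from being replayed against another one that trusts the same IdP, and the InResponseTo check ties the assertion to an AuthnRequest this SP actually sent. The small clock skew allowance is a practical concession to IdP and SP clocks not being perfectly in sync; keep it short.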




✅ Benefits of Using SAML with Oracle

  • Centralized login (SSO)

  • Strong identity federation

  • Supports MFA at IdP

  • Seamless integration with enterprise identity systems




🔍 Example: SAML in Oracle Cloud Infrastructure (OCI)

To configure SAML SSO for OCI Console:

  1. Go to OCI Console > Identity > Federation.

  2. Click Add Identity Provider.

  3. Upload the IdP metadata (from Azure AD, Okta, etc.).

  4. Assign OCI groups to federated IdP groups.

  5. Test SSO login via the IdP.




