
Configuring Oracle Cloud as the Service Provider with SimpleSAMLphp as IDP

To establish SSO between an enterprise backend and Oracle Public Cloud, SimpleSAMLphp (a federation tool) can be used as an in-house Identity Provider (IdP), with Oracle Cloud set up as the Service Provider (SP).
See the official documentation, Managing Single Sign-On, for the concept.
SSO relies on the SAML 2.0 standard.

Tasks

At the Identity Provider (IdP) level

  • Install Apache and PHP 5.3+
  • Install SimpleSAMLphp
  • Just follow the documentation; yum install php53-mcrypt instead of php-mcrypt if the package manager complains about it.
  • Test with the simple SP shipped with SimpleSAMLphp.
  • Don't forget to un-comment the example-userpass authentication source in config/authsources.php!
  • Export the IdP metadata to an XML file (SimpleSAMLphp 1.x serves it at /simplesaml/saml2/idp/metadata.php on the IdP host).

At the Cloud Service level

  • Import the metadata file exported above
  • Accept the default values and don't change anything
  • Back at the IdP server level:
    • Follow the documentation, Service Provider Quickstart
      • Update config/authsources.php with the information given in the Oracle Cloud parameter pages (entity ID)
      • The entityID value must be exactly the same as the Provider ID shown by Oracle Cloud
      • Stay in HTTP (not HTTPS) for this demo only: the SAML response and the session cookie travel in clear text, so use HTTPS for anything beyond a demo
  • Test the SSO (see the output below)
  • Enable it only if the test is OK
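As an added example (not configuration from the original post), here is what the relevant part of config/authsources.php on the SimpleSAMLphp 1.x IdP looks like once the example-userpass source is un-commented and the SP entry carries the Provider ID. The Provider ID value, the IdP host name and the test account are placeholders chosen for this example; the syntax uses array() because PHP 5.3 has no short array form.

```php
<?php
// config/authsources.php on the SimpleSAMLphp IdP host (added example, placeholder values).

$config = array(

    // Administrative login for the SimpleSAMLphp web UI; the password itself is set in config.php.
    'admin' => array(
        'core:AdminPassword',
    ),

    // The demo authentication source. It ships commented out; the hosted IdP
    // (metadata/saml20-idp-hosted.php, 'auth' => 'example-userpass') cannot
    // authenticate anybody until it is un-commented. Keys are "user:password".
    // Placeholder test account, demo only: never ship clear-text credentials.
    'example-userpass' => array(
        'exampleauth:UserPass',
        'student:studentpass' => array(
            'uid' => array('student'),
            'eduPersonAffiliation' => array('member', 'student'),
        ),
    ),

    // SP entry from the Service Provider Quickstart. For the Oracle Cloud test the
    // entityID is set to the Provider ID copied verbatim from the Oracle Cloud SSO
    // parameter page; any difference (trailing slash, http vs https, case) breaks
    // the exchange because the IdP matches it as an opaque string.
    'default-sp' => array(
        'saml:SP',
        'entityID' => 'https://login.example-tenant.oraclecloud.com/', // placeholder Provider ID
        // The IdP this SP trusts: the entityID of our own hosted IdP, which defaults
        // to its metadata URL (placeholder host name, HTTP only for the demo).
        'idp' => 'http://idp.example.internal/simplesaml/saml2/idp/metadata.php',
        'discoURL' => null,
    ),
);
```

Since this server plays the IdP, the entry that actually lets it accept authentication requests from Oracle Cloud is the remote SP declaration in metadata/saml20-sp-remote.php, keyed by that same Provider ID and carrying the AssertionConsumerService URL of the Oracle Cloud SP; the authsources.php step above only reproduces the Quickstart's SP entry. After any change, the SimpleSAMLphp "Federation" tab on the IdP shows the hosted IdP and the remote SP entries it has parsed, which is the quickest check that the entity IDs on both sides match before the SSO test.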
[Screenshot: output display after the SSO test]

[Screenshot: login page after enabling SSO]

[Screenshot: SimpleSAMLphp login page]
