Last updated on MARCH 08, 2017
Applies to:Oracle Identity Federation - Version 22.214.171.124.0 and later
Oracle Access Manager - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
Does Oracle Identity Federation 11gR1 / Oracle Access Manager Identity Federation 11gR2 support custom rules which can generate SAML in the format that can be read by the service provider?
In this requirement, an application requires Group & Role information details to be sent in a specific format in SAML, so that the application can interpret and display the details to users.
The OIF/OAM Identity Provider must generate an Assertion with attributes which are in particular format and that have to be generated at runtime or dynamically using some rules/plugins.
Rule 1 – Get LDAP Groups. This rule uses a script that retrieves all the groups the authenticated user is a member of.
Rule 2 – Transform the groups into IAM role ARNs. This rule uses the name of the group to create the principal/role pair, which has this format: ARN of SAML provider, ARN of role to assume. For arn:aws:iam::754665572868:saml-provider/OIF,arn:aws:iam::754665572868:role/AD-Prod-Users
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms