
Federation Single-sign-on (SSO) Set Up Issue for multiple IDPs (Doc ID 1989166.1)

Last updated on DECEMBER 03, 2019

Applies to:

Oracle Fusion Global Human Resources Cloud Service - Version and later
Information in this document applies to any platform.


Some users cannot log out of the Fusion application. After they click logout, the next employee to use these terminals sees the previous person's personal information.

Deployment background:

In the current Fusion cloud environment, Oracle supports only a single IDP for federation SSO. When a customer has multiple IDPs (i.e. IDP1 and IDP2), the customer needs to route all requests to one IDP, which is the one known to the Fusion SP.

An example setup using two ADFS IDPs:
1. The IDP1 ADFS has a Relying Party Trust to Oracle Fusion.
2. There is a Claims Provider Trust between IDP2 ADFS and IDP1 ADFS, which allows IDP2 users to be authenticated in Fusion through IDP1 ADFS.

From a user perspective:
1. When a user logs in to Fusion through Companies SSO, they are first redirected to a drop-down to select Either
2. Once they select their appropriate IDP, they then need to enter their credentials.

Steps to reproduce:

1. The first user logs in to the Fusion application using IDP2 and does some work.
2. The first user clicks logout.
3. When the second user comes in, the system does not ask the second user to log in, so the second user sees the first user's session.

The same issue does not happen for users from IDP1.

