Federation Single-sign-on (SSO) Set Up Issue for multiple IDPs (Doc ID 1989166.1)

Last updated on MAY 08, 2017

Applies to:

Oracle Fusion Global Human Resources Cloud Service - Version 11.1.8.0.0 and later
Information in this document applies to any platform.

Symptoms

Some users cannot log out of the Fusion application. After they click logout, the next employee to use these terminals sees the previous person's personal information.

Deployment background:

In the current Fusion cloud environment, Oracle supports only a single IDP for federation SSO. When a customer has multiple IDPs (for example, IDP1 and IDP2), the customer needs to route all requests to one IDP, which is the one known to the Fusion SP.

An example setup using two ADFS IDPs:
1. The IDP1 ADFS has a Relying Party Trust to Oracle Fusion.
2. There is a Claims Provider Trust between IDP2 ADFS and IDP1 ADFS, which allows IDP2 users to be authenticated in Fusion through IDP1 ADFS.

From a user perspective:
1. When a user logs in to Fusion through the company's SSO, they are first redirected to a drop-down to select either IDP2 or IDP1 ADFS.
2. Once they select their appropriate IDP, they then need to enter their credentials.


Steps to reproduce:

1. The first user logs in to the Fusion application using IDP2 and does some work.
2. The first user clicks logout.
3. When the second user comes in, the system does not ask the second user to log in, so the second user sees the first user's session.

The same issue does not happen for users from IDP1.

Cause
