Federation Single-sign-on (SSO) Set Up Issue for multiple IDPs
Last updated on MAY 08, 2017
Applies to:Oracle Fusion Global Human Resources Cloud Service - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Part of users can not logout fusion application. After they click logout, the next employee to use these terminals will see the previous persons personal information.
For current fusion cloud environment, Oracle only support single IDP for federation SSO. When customer have multiple IDP (i.e. IDP1 and IDP2), customer need route all requests to one IDP, which will be known by fusion SP.
An example setup using two ADFS IDP:
1. The IDP1 ADFS has a relying party Trust to Oracle Fusion
2. There is a Claims Provider trust between IDP2 ADFS and IDP1 ADFS, which will allows IDP2 users to be authenticated in Fusion through IDP1 ADFS.
From a User perspective:
1. When a user logins to fusion through Companies SSO, they are first redirected towards a drop down to select Either IDP2 or IDP1 ADFS.
2. Once they select there appropriate IDP, they then need to enter there credentials.
Steps to reproduce:
1. first user login to fusion application by using IDP2, do some work
2. first user click logout
3. when second user come in, the system does not ask second user to login
so second user see first user's session
Same issue does not happen for users from IDP1
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms