
Configuring Microsoft ADFS For Oracle Fusion Expenses Mobile Single Sign

This document outlines the steps required to configure Microsoft ADFS for enabling single sign-on for the Oracle Fusion Expenses mobile application. It includes prerequisites, setup steps for the ADFS server, and instructions for registering the Relying Party Trust, configuring claim rules, exporting the STS token signing certificate, and notifying Oracle Support. Successful completion of these steps ensures that the ADFS server generates a SAML assertion accepted by the Fusion cloud server.

Configuring Microsoft ADFS for Oracle Fusion Expenses Mobile Single Sign-On

To enable single sign-on for the Fusion Expenses mobile application, you must perform the following steps
on your ADFS server. These steps configure the ADFS server to generate a SAML assertion
that the Fusion cloud server accepts. After you perform the steps, you must notify
Cloud Operations by logging a service request to complete the necessary steps on your cloud servers.

Prerequisite
Your cloud server is enabled for single sign-on for your Fusion Cloud desktop applications and you have
verified that single sign-on is working correctly.

Setup Steps
The STS must be configured to accept a token request containing the following from the mobile
Expenses application and provide a response.

• Token type is SAML 1.0 or above

• Key Type is Bearer

• Applies to a specific end point reference

The setup steps are as follows:

1. Verify that the endpoint for SAML assertion service (UsernameMixed) is enabled. This endpoint
is for UsernameToken with transport protection (SSL).

Oracle Corporation Page 1


ADFS -> Service -> Endpoints

2. Register the Relying Party Trust for expenses mobile service (https://<financials domain>/finExmSharedCommon/ExpenseMobileService). Your financials domain name can be
obtained from the URL that you see on the browser when you access the Expenses work area.

• Navigate to Trust Relationship and right click. Select Add Relying Party Trust.

• Under Select Data Source, select the option Enter data about relying party manually.

• Under Choose Profile, select ADFS 2.0 Profile.

• Under Configure Identifiers, enter Relying party trust identifier as follows: https://<Fusionfinancialsdomain>:443/finExmSharedCommon/ExpenseMobileService. Click Add. The identifier is constructed as follows:

o Your financials domain name can be obtained from the URL that you see on
the browser when you access the Expenses work area.

o Port number must be 443. For example, the URL can be as follows.
https://example-fin.oracle.com:443/finExmSharedCommon/ExpenseMobileService

• Under Choose Issuance Authorization Rules, select the option Permit all users to
access this relying party.


Screenshots for Step 2 are given below.

Step 2 - ADFS -> Relying Party Trust -> Add Relying Party Trust


Step 2 - Relying Party Trust Wizard


Step 2 - Relying Party Trust -> Select Data Source


Step 2 – Relying Party Trust Display Name


Step 2 – Choose Profile


Step 2 – Configure URL


Step 2 – Configure Identifiers -> (Enter URL)


Step 2 – Configure Identifiers -> Add


Step 2 – Choose Issuance Authorization Rules


Step 2 – Ready to add to trust


Step 2 – Finish

3. Configure the claim rules for the relying party trust.

When finishing the relying party trust creation, select the Open Claim Rules option to navigate to
the Claim Rules popup.

o Under Select Rule Type, select the option Send LDAP Attribute as Claims.

o Under Configure Claim Rule, select Attribute Store.

o Under Configure Claim Rule, map LDAP Attribute Name SAM-Account-Name to outgoing claim type Name ID.

Screenshots for Step 3 are shown below.


Step 3 – Edit Claim Rule


Step 3 – Choose Rule Type


Step 3 – Configure Claim Rule


Step 3 – Newly Created Claim Rule

4. Export the STS token signing certificate

o Navigate to Service -> Certificates. Select Export. This invokes the export wizard.

o Choose format as Base-64 encoded X.509 (.CER)

o Choose the name of the file that you want to export.


Step 4 – Export certificate


Step 4 – Export Wizard


Step 4 – Export File Format


Step 4 – File Name for Export

5. Log a service request with Oracle Support to upload the exported certificate to Fusion Expenses
Cloud.
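
Steps 1 to 4 can be checked from PowerShell on the AD FS server before the service request is logged. The script below is an added example, not part of the original document; it assumes the ADFS module of Windows Server 2012 R2 or later, and `$FinDomain` and `$OutFile` are placeholder values.

```powershell
# Added example: audit an AD FS server against steps 1-4 of this document.
# Assumptions: ADFS module of Windows Server 2012 R2 or later, run elevated on
# the AD FS server; $FinDomain and $OutFile are placeholders.
Import-Module ADFS
$FinDomain  = 'example-fin.oracle.com'
$Identifier = "https://${FinDomain}:443/finExmSharedCommon/ExpenseMobileService"
$OutFile    = 'C:\Temp\adfs-token-signing.cer'

# Step 1: list the UsernameMixed endpoints and confirm one is enabled.
$endpoints = Get-AdfsEndpoint | Where-Object { $_.AddressPath -like '*/usernamemixed' }
$endpoints | Format-Table AddressPath, Enabled, Proxy -AutoSize
if (-not ($endpoints | Where-Object { $_.Enabled })) {
    Write-Warning 'Step 1: no UsernameMixed endpoint is enabled.'
}

# Step 2: the trust must exist under the exact identifier, port 443 included.
$rp = Get-AdfsRelyingPartyTrust -Identifier $Identifier
if (-not $rp) {
    Write-Warning "Step 2: no relying party trust has identifier $Identifier"
    return
}
if (-not $rp.Enabled) { Write-Warning 'Step 2: the relying party trust is disabled.' }

# Step 3: the transform rules must map sAMAccountName to the Name ID claim.
$rules = [string]$rp.IssuanceTransformRules
if ($rules -notmatch 'claims/nameidentifier' -or $rules -notmatch 'sAMAccountName') {
    Write-Warning 'Step 3: no SAM-Account-Name -> Name ID rule found.'
}

# Step 4: export the primary token-signing certificate (public part only)
# as Base-64 encoded X.509 and record what is being handed to Oracle Support.
$cert = (Get-AdfsCertificate -CertificateType Token-Signing |
         Where-Object { $_.IsPrimary }).Certificate
$der  = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$b64  = [Convert]::ToBase64String($der, [Base64FormattingOptions]::InsertLineBreaks)
Set-Content -Path $OutFile -Encoding Ascii -Value @(
    '-----BEGIN CERTIFICATE-----', $b64, '-----END CERTIFICATE-----')
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    File       = $OutFile
}
```

The `NotAfter` value shows when the exported certificate expires; the copy uploaded to Fusion has to be replaced when AD FS moves to a new token-signing certificate.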
