When creating a local identity store mapping for SAML users, it is recommended that you ensure that a corresponding user account exists in the local store for each identity provider user ahead of time. For example, if a user does not exist in the local store, mapping the SAML assertion to that user in the local identity store will fail. To handle an identity mapping failure, Oracle Access Manager Identity Federation features a plug-in that you can enable to automatically provision a missing identity to the local identity store during a federated SSO operation, which enables the federated SSO to proceed.
Note: This is an optional task. If you do not enable automatic user provisioning and a user does not exist in this generic LDAP server, then the authentication / SAML assertion can fail.
To enable automatic user provisioning for the local identity store used by service providers:
Start WLST (wlst.sh, or wlst.cmd), then run the following commands:
connect()
domainRuntime()
putBooleanProperty("/fedserverconfig/userprovisioningenabled", "true")
exit()
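A pre-flight check for the mapping failure described above, added here as an example (it is not Oracle's code): it parses an LDIF export of the local identity store and lists the identity provider users that have no local account, which are the users whose assertion mapping would fail, or who would be created if automatic provisioning is enabled. The sample data, the function names, and the use of mail as the mapping attribute are assumptions.

```python
import base64

# Constructed sample: LDIF export of the local identity store (not real data).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
mail: alice@example.com

dn: uid=bob,ou=people,dc=example,dc=com
mail:: Ym9iQGV4YW1wbGUuY29t

dn: uid=carol,ou=people,dc=example,dc=com
mail: carol.long.address@
 example.com
"""

# Constructed sample: identities the identity provider may assert.
SAMPLE_IDP_USERS = ["Alice@example.com", "bob@example.com",
                    "carol.long.address@example.com", "dave@example.com"]


def ldif_attribute_values(ldif_text, attribute):
    """Return the lower-cased values of one attribute across all LDIF entries."""
    # Unfold continuations: a line starting with one space extends the previous line.
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = set()
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attribute.lower():
            continue
        # "attr:: value" carries base64; "attr: value" carries plain text.
        if rest.startswith(":"):
            rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
        values.add(rest.strip().lower())
    return values


def missing_local_accounts(idp_users, ldif_text, attribute="mail"):
    """IdP users with no local entry; 'mail' as mapping attribute is an assumption."""
    local = ldif_attribute_values(ldif_text, attribute)
    return sorted(u for u in idp_users if u.lower() not in local)


if __name__ == "__main__":
    for user in missing_local_accounts(SAMPLE_IDP_USERS, SAMPLE_LDIF):
        print("no local account:", user)
```

The comparison is case-insensitive, which suits mail addresses; adjust it if the mapping attribute in your deployment is case-sensitive.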
Copyright © 1999, 2016, Oracle and/or its affiliates. All rights reserved.
Last Published Tuesday, September 27, 2016