Oracle Access Manager (OAM) Integration Kit

IdP adapter testing

About this task

You can test this adapter using the SP sample application that ships with PingFederate. Follow this procedure to verify adapter functions:

Steps

  1. Set up PingFederate to run the SP sample application according to instructions in the Sample Application Quick Start Guide.

  2. Configure an instance of the OAM Adapter (see OAM IdP configuration).

  3. Reconfigure the SP connection to the sample application to use the OAM Adapter instance: delete the existing adapter instance and map the OAM Adapter instance in its place. See Managing mappings in the PingFederate documentation.

    Use the default setting on the Assertion Mapping screen. On the Attribute Contract Fulfillment screen, map SAML_SUBJECT to the Adapter value userId. If you have extended the Adapter Contract and wish to send the extended-attribute value to the SP during SSO, you will need to add a corresponding attribute to the Attribute Contract for the SP connection. Then map this attribute to the additional adapter attribute value (for example, authLevel).

    For any attributes in the Attribute Contract for which there are no related Adapter attributes, select Text in the Source drop-down list for each attribute and enter “test” (or any other text) in the associated text boxes.

  4. On a web page protected by the OAM Access Gate, create an “SSO” link to the PingFederate startSSO endpoint, including the sample SP’s connection ID, in the following format:

    http[s]://<PF_host>:<port>/idp/startSSO.ping?PartnerSpId=<connection_id>

    where:

    • <PF_host> is the machine running the PingFederate server

    • <port> is the PingFederate port, and

    • <connection_id> is the Connection ID of the SP connection to the sample application.

  5. Access the protected web page by authenticating through OAM Webgate, and click the SSO link.

    Result

    You will be logged on to the sample SP application. If you have modified the connection Attribute Contract to include Authentication Level and extended the Adapter Contract, you should see the authLevel displayed in the “User Attributes” table.