Skip Navigation
Expand
Single Sign-On Agent Login Process
Answer ID 5197   |   Last Review Date 07/23/2019

What is the process when an agent logs in and identity provider initiated single sign on is setup?

Environment:

August 2014 and newer, Single Sign-On (SSO)

Resolution:

The following process occurs when single sign-on is enabled for agents who work in the Oracle B2C Service console.

1. An agent enters a user name and password to log in to the organization’s identity provider (such as a PingFederate Server-based application). When the information is verified, the agent is logged in to the identity provider.

2. The identity provider displays a list of service providers, including Oracle Oracle B2C Service, that the agent can connect to.

3. The agent selects Oracle B2C Service.

4. The identity provider generates a signed SAML 2.0 assertion using the account login, email address, account ID, or a staff account custom field as the assertion subject. Refer to Identifying the SAML subject for agent login.

5. The identity provider then submits the assertion to the Oracle Oracle B2C Service SSO launch page using HTTP POST binding (since that is the only binding method Oracle B2C Service supports). The SSO launch page is similar to the standard launch page except that it automatically starts the ClickOnce URL, which logs the agent in after validation.

6. Oracle B2C Service decodes and verifies the assertion and validates the account by confirming that the assertion matches an account in the Oracle B2C Service database.

7. Oracle B2C Service redirects the agent to the ClickOnce URL, which signals the installer to use the SSO login instead of the standard login, and passes the necessary parameters for automatic login.

8. Oracle B2C Service verifies the account using the parameters of the ClickOnce URL for authentication. If necessary, Oracle B2C Service is downloaded and installed. The application is then launched, and the agent is logged in to the Oracle B2C Service Console.

Beginning in May 2015, Service Provider Initiated login is supported.

Third-Party Identity Provider flow chart: User logs into third party provider > Identity authenticated > connection to B2C Service or CP > Identity provider sends assertion to B2C Service > B2C Service verifies > B2C Service verifies account > agent logged in


For additional information, refer to the 'Single Sign-on Support in Oracle B2C Service' section in online documentation for the version your site is currently running. To access Oracle B2C Service manuals and documentation online, refer to the Documentation for Oracle B2C Service Products.

Available Languages for this Answer:

Notify Me
The page will refresh upon submission. Any pending input will be lost.