Skip Navigation

Search

Considerations when Implementing Customer Portal Single Sign On
Answer ID 9990   |   Last Review Date 07/06/2026

What do I need to consider when implementing Customer Portal Single Sign On (SSO)?

Environment:

Customer Portal Single Sign On

Resolution:

Customer Portal SSO only supports identity provider (IdP) initiated SSO.  Because the login flow is initiated by the IdP, a Customer Portal does not generate a SAMLRequest .  

The following topics should be taken into consideration when setting up the identity provider.

  • Entity ID can be any unique value in the IDP.
  • Format of assertion consumer service (ACS) URL is https://<your_interface>/ci/openlogin/saml/subject/<parameter>
    • If no subject parameter is supplied, contact login will be used.
  • Parameters that can be used are
  •  
    • contact.emails.address
    • contact.login
    • contact.id
    • contact.customfields.[customfield-name]
  • If a redirect is needed after the assertion is validated, append /redirect/<page> to the ACS url.
  •  
    • For example, https://<your_interface>/ci/openlogin/saml/subject/contact.id/redirect/app/ask
  • Logout URL: https://<your_interface>/ci/openlogin/logout. See Customer Portal Logout URL for SSO for further information.

Once the identity provider has been implemented, there are a few mandatory requirements that must be performed in Oracle B2C Service as well as the signing certificate must be validated. For more information, refer to the following answers.

Mandatory requirements for all SSO implementations

Validating and reviewing the properties of the signing certifcate for SSO