Blog on Simplified SSO experience using Custom SFF …


Simplified SSO experience using Custom Secure Form-Fill applications in Oracle Identity Cloud Service

By Abhishek Juneja

Oracle Identity Cloud Service provides Single Sign-On capabilities for SaaS and on-premises applications that support federated SSO using the SAML 2.0 or OAuth/OIDC protocols. However, a large number of web applications do not support these open-standard protocols for federated SSO. Oracle Identity Cloud Service provides Single Sign-On to these applications using the Secure Form Fill technique (also known as Password Vaulting or Screen Scraping).

Oracle Identity Cloud Service Application Catalog provides an extensive set of pre-integrated SAML and Secure Form Fill applications across various categories including HCM, ERP, CRM, Security, etc. The simplified and intuitive interfaces of the Application Catalog improve administrative efficiency in configuring new applications.

If you do not find the secure form fill application that you need in the app catalog or you simply want to create your own, you can do so with Oracle Identity Cloud Service. Define your own secure form fill configuration using the ESSO Admin Console, export the configuration, and then import that configuration into your secure form fill app in Oracle Identity Cloud Service. On activating the application, you can assign it to Users or Groups.

As an end user, you can access that application from the MyApps portal of Oracle Identity Cloud Service or from the Secure Form Fill Browser Plugin. When you launch the application for the first time, the browser plugin prompts you to provide the username and password of the application; the Oracle Secure Form Fill Browser Plugin stores your application credentials in a user wallet. For subsequent application launches, the plugin determines which app you are trying to access, retrieves the application credentials, submits them to the web page, and logs the user in.

The end user’s credentials are stored in an end-user specific encrypted artifact that is safe and protected from the outside world; the browser plugin retrieves the user credentials from this artifact prior to submission in the application. In addition, user credentials are neither stored nor cached in the browser or the user’s device.

Let us see how easily and swiftly you can create and configure an application as a Secure Form Fill application in Oracle Identity Cloud Service (IDCS) and enable your users to get SSO experience.

1. Install the Secure Form Fill Admin Client

a. IDCS Administrators can download the Secure Form Fill admin client from the IDCS Downloads page.


2. Create a Secure Form Fill Configuration file

a. Launch the Secure Form Fill Admin Client.

b. Select ‘Applications’ to create a ‘New Web App’.

c. In the subsequent screens, enter the name of the Application and select ‘Logon’ as the form type.


d. Enter the Web Application URL in the Address field and select GO.

e. Using the web page fields at the bottom of the screen:

i. Select the User name field, right-click, and choose Username/ID.

ii. Select the Password field, right-click, and choose Password.

iii. Select the Submit button, right-click, and choose Submit.


f. Click OK and SAVE the file.

g. Export the file in .ini format by selecting File, then Export.

More details on how to create a Secure Form Fill configuration file are available here

3. Create a Custom Secure Form Fill App in Oracle Identity Cloud Service

After creating the application configuration file, create a Secure Form Fill app in IDCS.

a. In the Administrator’s console of Oracle Identity Cloud Service, go to Applications, select ‘Add an Application’, then select ‘Application Catalog’.

b. In the Application Catalog, select ‘Generic Secure Form Fill App Template’.

c. Enter the Application name and Description, upload the Application Logo, and enter the Application URL.

d. In the Display settings, you can select the ‘Display in My Apps’ and ‘User can request access’ options.

e. Click Add and create the application.


f. Click Import and import the Secure Form Fill configuration file that you created.

g. You can activate the application and assign it to the Users and Groups.

More details are available here

4. Running the Secure Form Fill application from IDCS MyApps Console


The Oracle Secure Form Fill Plugin allows end users to log in to the applications. It is a prerequisite for running Secure Form Fill applications.

a. The end user can see the application tile on the MyApps console.

b. When the user runs it for the first time, an Enter credentials box pops up, in which the user enters the application credentials and selects Login.

c. IDCS launches the application in another browser tab, automatically enters the user’s credentials, and selects the Submit button.


d. The user logs in to the application.

e. For subsequent logins, the credentials box does not pop up to collect user credentials.

f. The user can update the credentials by selecting the Update Credentials link, which is available in the application tile.


More information on creating a custom Secure Form Fill application in Oracle Identity Cloud Service is available here