OCI IAM Identity Domains
SAML Configuration Center
Central workspace for Service Provider endpoints, Identity Provider settings, metadata, mappings, and local test users.
Public Endpoints
- Public IP: 149.118.147.152
- Domain: mingyuet.online
- Base URL: https://mingyuet.online
- Home URL: https://mingyuet.online/
- Login URL: https://mingyuet.online/login
- Protected user URL: https://mingyuet.online/user
- Metadata URL: https://mingyuet.online/metadata
- Metadata download: SP metadata XML
- ACS URL: https://mingyuet.online/saml/acs
- SP local logout URL: https://mingyuet.online/logout
- SP Single Logout URL: https://mingyuet.online/saml/logout (use this in OCI IAM as the app's Single Logout URL)
- SP Logout Response URL: https://mingyuet.online/saml/logout (use this in OCI IAM as the Logout Response URL)
- Logged-out landing URL: https://mingyuet.online/logged-out
- Entity ID: https://mingyuet.online/metadata
After changing the domain, restart the app before testing live SAML login so that the Passport SAML strategy is built with the same ACS URL and Entity ID that the published SP metadata advertises; otherwise OCI IAM will post the response to an endpoint the running strategy does not expect.
Editable Public Settings
Update these when reusing the app with a new public IP or domain. Derived SAML URLs are generated from the domain.
OCI IAM SAML Application Values
| OCI IAM Field | Value |
|---|---|
| Assertion Consumer URL | https://mingyuet.online/saml/acs |
| Entity ID | https://mingyuet.online/metadata |
| NameID format | emailAddress |
| NameID value | primary email |
| Protected landing page | https://mingyuet.online/user |
| Single Logout URL | https://mingyuet.online/saml/logout |
| Logout Response URL | https://mingyuet.online/saml/logout |
Attribute Mapping
| SAML Attribute | Suggested OCI IAM Source | Used By Demo |
|---|---|---|
| email | Primary email | User identifier and local allowlist match |
| firstName | Given name | Profile display |
| lastName | Family name | Profile display |
| userName | Username | Optional local allowlist match |
Integration Status
- OCI IAM SSO URL: https://idcs-44674e664a3644379b2d320176c2b848.identity.oraclecloud.com/fed/v1/idp/sso
- OCI IAM IdP certificate: Configured
- IdP metadata entity ID: https://idcs-44674e664a3644379b2d320176c2b848.identity.oraclecloud.com:443/fed
- OCI IAM logout URL: https://idcs-44674e664a3644379b2d320176c2b848.identity.oraclecloud.com/fed/v1/idp/slo (IdP SLO endpoint from the OCI IAM metadata; the app sends a SAML LogoutRequest here, so do not open it directly in the browser)
- IdP config file: ./data/idp-config.json
- Login strategy status: Active with startup IdP config
- Signed AuthnRequests: Disabled (recommended for initial lab testing)
- Require signed SAML Response: Disabled (the assertion signature is still required)
- Require signed Assertion: Enabled
- Local user allowlist: Enabled
- User file: ./data/test-users.json
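The following is an added example, not the demo app's own code, showing how the public-endpoint derivation described under Editable Public Settings and the signature toggles in Integration Status translate into a Passport SAML strategy configuration, and how to refuse the combinations that would leave a response unverified. The option names (`callbackUrl`, `issuer`, `entryPoint`, `logoutUrl`, `logoutCallbackUrl`, `idpCert`, `wantAssertionsSigned`, `wantAuthnResponseSigned`, `privateKey`, `identifierFormat`) are those of `@node-saml/passport-saml` v4 and later; older releases name the certificate option `cert`. The `flags` and `idp` object shapes are assumptions made for this example.

```javascript
// Added example: derive SP endpoints from the public domain, map the status
// flags onto passport-saml strategy options, and reject unsafe combinations.
// Not the demo app's code; option names follow @node-saml/passport-saml v4+.

const SAML_PATHS = {
  metadata: '/metadata',        // also serves as the SP Entity ID
  acs: '/saml/acs',
  singleLogout: '/saml/logout', // SLO request and LogoutResponse share this path
  loggedOut: '/logged-out',
};

// Every SAML-facing URL is derived from the domain; https is assumed,
// matching the Public Endpoints list.
function deriveSpEndpoints(domain) {
  if (!/^[a-z0-9.-]+$/i.test(domain)) {
    throw new Error(`refusing to derive SAML URLs from malformed domain: ${domain}`);
  }
  const base = `https://${domain}`;
  return {
    baseUrl: base,
    entityId: base + SAML_PATHS.metadata,
    metadataUrl: base + SAML_PATHS.metadata,
    acsUrl: base + SAML_PATHS.acs,
    singleLogoutUrl: base + SAML_PATHS.singleLogout,
    logoutResponseUrl: base + SAML_PATHS.singleLogout,
    loggedOutUrl: base + SAML_PATHS.loggedOut,
  };
}

// `idp` is the stored IdP config ({ ssoUrl, sloUrl, signingCert }) and
// `flags` mirrors the three signature toggles shown in Integration Status.
// Both shapes are assumptions for this example.
function buildStrategyOptions(domain, idp, flags, spPrivateKeyPem) {
  const sp = deriveSpEndpoints(domain);
  const errors = [];

  // Disabling the Response signature check is tolerable only while the
  // Assertion signature check stays on; with both off, anything posted to
  // the ACS would be accepted as a login.
  if (!flags.requireSignedResponse && !flags.requireSignedAssertion) {
    errors.push('both signature checks disabled: an unsigned SAML Response would log a user in');
  }
  if (flags.signAuthnRequests && !spPrivateKeyPem) {
    errors.push('signed AuthnRequests enabled but no SP private key configured');
  }
  if (!idp.signingCert) {
    errors.push('no IdP signing certificate: assertion signatures cannot be verified');
  }
  if (!/^https:\/\//.test(idp.ssoUrl || '')) {
    errors.push('IdP SSO URL must be an https URL');
  }
  if (errors.length) {
    throw new Error('unsafe SAML configuration: ' + errors.join('; '));
  }

  return {
    callbackUrl: sp.acsUrl,
    issuer: sp.entityId,
    entryPoint: idp.ssoUrl,
    logoutUrl: idp.sloUrl,
    logoutCallbackUrl: sp.singleLogoutUrl,
    idpCert: idp.signingCert,
    identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    wantAssertionsSigned: flags.requireSignedAssertion,
    wantAuthnResponseSigned: flags.requireSignedResponse,
    privateKey: flags.signAuthnRequests ? spPrivateKeyPem : undefined,
  };
}

// The mismatch the restart note warns about: a running strategy built from
// an old domain while the metadata already advertises the new one.
function strategyMatchesMetadata(options, domain) {
  const sp = deriveSpEndpoints(domain);
  return options.callbackUrl === sp.acsUrl && options.issuer === sp.entityId;
}
```

Run `strategyMatchesMetadata` against the domain currently saved in the public settings at startup and on a health endpoint; when it returns false, the strategy was built from stale settings and the app needs the restart the page calls for.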
Editable OCI IAM IdP Settings
Paste OCI IAM IdP metadata XML, or manually set the SSO URL and IdP signing certificate. Restart the app after saving before testing live SAML login.
Import IdP Metadata XML
Manual IdP Settings
Local Test User Allowlist
OCI IAM must still authenticate the user. This file only lets the SP accept or reject authenticated SAML users for lab testing.
| Email | Username | First | Last | Status | Notes |
|---|---|---|---|---|---|
| alice@example.com | alice | Alice | Example | Enabled | Sample local allowlist user. Replace with an OCI IAM test user's email. |
| bob@example.com | bob | Bob | Example | Disabled | Disabled sample user. |
| dummy.user@example.com | dummy.user@example.com | Dummy | User | Enabled | |
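The acceptance check that the allowlist above implies, and the way the Attribute Mapping table feeds it, as an added example rather than the demo's own code: OCI IAM has already authenticated the user, so the only decision left to the SP is whether the presented profile is on the list and enabled. The profile shape (`nameID`, `nameIDFormat`, and an `attributes` object keyed `email`, `firstName`, `lastName`, `userName`) follows the mapping table; the JSON layout of ./data/test-users.json is an assumption, and the entries embedded here are constructed from the table rows.

```javascript
// Added example: SP-side allowlist check for an authenticated SAML profile.
// Not the demo's code; the test-users.json layout below is assumed.

const EMAIL_NAMEID = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';

// Constructed from the allowlist table on the page.
const SAMPLE_TEST_USERS = JSON.stringify([
  { email: 'alice@example.com', username: 'alice', firstName: 'Alice', lastName: 'Example', enabled: true },
  { email: 'bob@example.com', username: 'bob', firstName: 'Bob', lastName: 'Example', enabled: false },
  { email: 'dummy.user@example.com', username: 'dummy.user@example.com', firstName: 'Dummy', lastName: 'User', enabled: true },
]);

// E-mail addresses and usernames are compared trimmed and case-insensitively;
// anything that is not a string counts as absent.
const norm = (v) => (typeof v === 'string' ? v.trim().toLowerCase() : '');

function loadAllowlist(json) {
  const byEmail = new Map();
  const byUsername = new Map();
  for (const u of JSON.parse(json)) {
    if (!u.email) throw new Error('allowlist entry without email');
    byEmail.set(norm(u.email), u);
    if (u.username) byUsername.set(norm(u.username), u);
  }
  return { byEmail, byUsername };
}

// Returns { accepted, reason, user }. `user` carries the fields the profile
// page displays and is only present when accepted.
function authorizeSamlProfile(profile, allowlist) {
  const attrs = profile.attributes || {};
  // Primary identifier is the email attribute; with the emailAddress NameID
  // format configured in OCI IAM, the NameID carries the same value and is
  // used when the attribute is missing.
  const email = norm(attrs.email) || (profile.nameIDFormat === EMAIL_NAMEID ? norm(profile.nameID) : '');
  const userName = norm(attrs.userName);

  if (!email) return { accepted: false, reason: 'no email attribute or emailAddress NameID in assertion' };

  const entry = allowlist.byEmail.get(email) || (userName && allowlist.byUsername.get(userName));
  if (!entry) return { accepted: false, reason: `${email} not on local allowlist` };
  if (!entry.enabled) return { accepted: false, reason: `${entry.email} is disabled in allowlist` };

  // When both identifiers arrive they must point at the same entry; a
  // mismatch means the attribute mapping in OCI IAM is wrong, and accepting
  // it would map one IdP identity onto another allowlist entry.
  if (userName && entry.username && norm(entry.username) !== userName) {
    return { accepted: false, reason: `userName ${userName} does not match allowlist entry for ${entry.email}` };
  }

  return {
    accepted: true,
    reason: 'ok',
    user: {
      email: entry.email,
      username: entry.username,
      displayName: [attrs.firstName || entry.firstName, attrs.lastName || entry.lastName].filter(Boolean).join(' '),
    },
  };
}
```

Wire `authorizeSamlProfile` into the strategy's verify callback and hand a rejected result to `done(null, false, { message: reason })`; the reason strings are meant for the server log, not for the browser, since "not on local allowlist" versus "disabled" tells an outsider which addresses exist.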