This section describes how to use Oracle Cloud SSO with Omni via SAML.

1. Log in to Oracle Cloud.

On the left menu, select Identity & Security > Domains. Click the domain you want to use, then select Integrated Applications. Click Add Application > SAML Application > Launch Workflow. Give the application a name ("Omni", for example), leave all other fields blank, and click Submit. Open the application you just created and click SAML SSO Configuration > Edit SSO Configuration. This is where the application configuration is defined; update only the fields listed in the table below and leave everything else at its default.
Option                 | Value                                 | Description
Entity ID              | https://<fqdn for omni>/saml/metadata | The SAML entity ID Omni identifies itself with; it is also the URL from which Omni's service-provider metadata can be retrieved
Assertion consumer URL | https://<fqdn for omni>/saml/acs      | The Omni endpoint (ACS) to which Oracle posts the signed SAML assertion after login
Name ID Format         | Email address                         | Omni identifies users by email, so the assertion subject must be an email address
Name ID Value          | Primary email                         | Use the user's primary email as the subject value
Enable single logout   | Disabled                              | Leave single logout off
At the bottom of this section you will find an "Attribute configuration" block. Here the mappings from Oracle user fields to the attributes Omni expects need to be entered as shown below; use the "Add attribute" button to create each one.
Name      | Name Format | Value         | Description
email     | Unspecified | Primary email | The user's email address
firstName | Unspecified | First name    | The user's first name
lastName  | Unspecified | Last name     | The user's last name
Once saved, head to the "Users" section of the application and assign every user who should have access to Omni; users not assigned here will be rejected by Oracle at login.

Then go back to the "SAML SSO Configuration" tab and click "Download" next to the "Identity Provider Metadata" field. A copy of this file needs to be present on the host that will run the Omni container, because it is passed into the container at runtime. Copy and paste its contents or download and upload the file, whichever is easier. For the remainder of this guide we assume the file ends up at ~/oraclemetadata.xml on your container host and that the docker command is run from that directory, so $PWD/oraclemetadata.xml in the commands below refers to it.

This completes the configuration required in Oracle Cloud.

2. Configure Omni SAML

To make Omni use Oracle as its SAML identity provider, pass the following flags to Docker and to the Omni container at launch.
Scope  | Flag                                                                              | Description
Docker | -v $PWD/oraclemetadata.xml:/oraclemetadata.xml                                    | Mount the IdP metadata file into the container
Omni   | --auth-saml-enabled=true                                                          | Enable SAML authentication
Omni   | --auth-saml-metadata=/oraclemetadata.xml                                          | Path to the IdP metadata file inside the container
Omni   | --auth-saml-name-id-format=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | Tell Omni the subject of the assertion is an email address, matching the Name ID Format set in Oracle
For example (the "..." lines stand for the other Docker options and Omni flags from your install, which are unchanged):
docker run \
  ... \
  -v $PWD/oraclemetadata.xml:/oraclemetadata.xml \
  ... \
  ghcr.io/siderolabs/omni:latest \
  --auth-saml-enabled=true \
  --auth-saml-metadata=/oraclemetadata.xml \
  --auth-saml-name-id-format=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress