This blog is a follow-up to previous posts on Cisco ASAv in OCI. If you have not read them, the first blog, which focuses on provisioning the Marketplace VM, can be found here, and the second blog, which focuses on the configuration needed for a working VPN RA, can be found here. The architecture used for this implementation can be found here.
Below you can see the network diagram.
This blog has the following prerequisites:
Log in to your OCI tenancy, navigate to "Identity & Security > Federation > OracleIdentityCloudService", open the "Oracle Identity Cloud Service Console" link, and log in to the IDCS service console.
In the dashboard, under "Applications and Services", click the plus sign and select SAML Application.
Configure the application name.
On the next screen, fill in the following:
Download the "Signing Certificate" and the "Identity Provider Metadata".
Activate the SAML application.
Under the SAML application navigate to the Groups tab and assign the dev group.
Note that the group dev has a user assigned.
Create another SAML application for the prod user. The metadata will be the same for both applications.
In a text editor, open the IDCS metadata and look for the following: the "entityID" attribute and the "SingleSignOnService" and "SingleLogoutService" elements.