OIF 11g Federation Data Store

This blog post will provide information regarding Oracle Identity Federation's (OIF) Federation Data Store of type LDAP and how NameID values and SessionIDs are used.
NOTE: NameID: Transient/One-Time Federations are NOT stored in the LDAP Directory.The below example is with Persistent NameID.

Assumptions
Fed Store Base: cn=myfed,dc=mycompany,dc=com
LDAP Directory: Oracle Internet Directory (OID)

I completed a SP-initiated Federation and the orafed-nameid-value returned was id-hNALa-Rg3q-ttU-XtAgkvQX2wyY-

This value can be taken and used to query OID:

ldapsearch -h idmdemo.mycompany.com -p 389 -D "cn=orcladmin" -q -s sub -b cn=myfed,dc=mycompany,dc=com "orclFedNameValue=id-hNALa-Rg3q-ttU-XtAgkvQX2wyY-" "*"

cn=9dd073b781098b0604715a052b1bd9e2fca4d817,cn=4271ebcd87b93af798f186d788942accaa75e161,cn=myfed,dc=mycompany,dc=com
orclfednamenewvalue=id-cJcpuxFcLr9dvwH9ltUdjem70zo-
orclfednamenewqualifier=https://sso.mycompany.com:443/fed/idp
orclfednamenewformat=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
orclfednamenewcreationtime=1332883593718
orclfednamevalue=id-hNALa-Rg3q-ttU-XtAgkvQX2wyY-
orclfedserverid=wls_oif1
orclfedownerguid=seth.malmberg
orclfedproviderid=https://idmdemo.yourcompany.com:7600/fed/sp
orclfedversion=SAML2.0
orclfedownerdescription=seth.malmberg
cn=9dd073b781098b0604715a052b1bd9e2fca4d817
orclfedfederationtype=1
objectclass=orclFedUserInfo
objectclass=top

Then use the cn value to query the database to find the correct value for the ORA_OSFS_SESSION cookie

SQL> select sessionid, fedid from orafedactivespfed where fedid = 'cn=9dd073b781098b0604715a052b1bd9e2fca4d817,cn=4271ebcd87b93af798f186d788942accaa75e161,cn=myfed,dc=mycompany,dc=com';

id-Kx-zCDBWGBAsP2WOymcFufu6wOQ-
cn=9dd073b781098b0604715a052b1bd9e2fca4d817,cn=4271ebcd87b93af798f186d788942accaa75e161,cn=myfed,dc=mycompany,dc=com
Now we have the correct value for the Federation's ORA_OSFS_SESSION cookie.