Find Certificate

Overview

The Find Certificate filter locates a certificate and sets it in the message for use by other certificate-based filters. Certificates can be extracted from the User Store, message attributes, HTTP headers, or attachments.

Configuration

By default, the API Gateway stores the extracted certificate in the certificate message attribute. However, it can store the certificate in any message attribute, including any arbitrary attribute specified by the user (for example, a user_certificate attribute). The certificate can be extracted from this attribute by a successor filter in the policy.

Name:

Enter an appropriate name for the filter in the Name field.

Attribute Name:

Enter or select the name of the message attribute to store the extracted certificate in.

After selecting the target message attribute, specify the location of the certificate using one of the following options:

User:

Select the User whose certificate is to be extracted from the Certificate Store and set in the message.

Certificate Store:

Click the Select button, and select a certificate from the Certificate Store.

User or Wildcard:

This field provides an alternative way to specify which user's certificate is used. Either an explicitly named User's certificate is used, or you can specify a selector to locate a User name or DName, which can then be used to locate the certificate.

You can specify a selector by enclosing the message attribute that contains the user name or DName in curly brackets, and prefixing this with $. For example:

${authentication.subject.id}

This selector means that the API Gateway uses the certificate belonging to the subject of the authentication event in subsequent certificate-related filters. The certificate is set to the certificate message attribute. Using selectors is a more flexible way of locating certificates than specifying the User directly. For more details on selectors, see Selecting Configuration Values at Runtime.
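
The following added example is a simplified Python model of the User or Wildcard option and is not the API Gateway's own code. It assumes message attributes are held in a flat dictionary keyed by attribute name; the names resolve_selector, find_certificate, CertificateNotFound and USER_STORE are hypothetical, and failing when an attribute or user is missing is a design choice of this example.

```python
import re

# Selector syntax shown on the page: ${message.attribute.name}
SELECTOR = re.compile(r"\$\{([A-Za-z0-9_.]+)\}")

class CertificateNotFound(Exception):
    """No certificate could be located; the caller should fail the filter."""

def resolve_selector(value, message):
    """Expand each ${attr} in value from the message attributes.

    The expanded text is not scanned again, so an attribute value that
    itself looks like a selector is treated as a literal user name.
    """
    def expand(match):
        name = match.group(1)
        if message.get(name) in (None, ""):
            raise CertificateNotFound(f"message attribute {name!r} is not set")
        return str(message[name])
    return SELECTOR.sub(expand, value)

def find_certificate(message, user_or_wildcard, user_store,
                     attribute_name="certificate"):
    """Resolve the user, look up the certificate, store it in the message."""
    user = resolve_selector(user_or_wildcard, message)
    cert = user_store.get(user)
    if cert is None:
        # Leave the target attribute untouched so successor filters
        # never see a stale or empty certificate.
        raise CertificateNotFound(f"no certificate for user {user!r}")
    message[attribute_name] = cert
    return cert

# Constructed sample data: one user with a placeholder certificate.
USER_STORE = {
    "alice": "-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n"
             "-----END CERTIFICATE-----",
}

if __name__ == "__main__":
    msg = {"authentication.subject.id": "alice"}
    find_certificate(msg, "${authentication.subject.id}", USER_STORE)
    print(sorted(msg))  # attribute names now present on the message
```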

Message Attribute Name:

Enter the name of the message attribute that contains the certificate.

HTTP Header Name:

Enter the name of the HTTP header that contains the certificate.

Attachment Name:

Enter the name of the attachment (Content-Id) that contains the certificate. Alternatively, you can enter a selector in this field to represent the value of a message attribute.

Alias Name or Wildcard:

Enter the alias name of the certificate. Alternatively, you can enter a selector to represent the value of a message attribute. For more details on selectors, see Selecting Configuration Values at Runtime.