Certificate validation requires the Trust Anchors Store (amtruststore).
Conditions for Security Token Service Certificate Validation (OSTS Certificate Validation Criteria)
A SAML Assertion must be validated.
Security Token Service is configured to validate the signing certificate of a SAML Issuing Authority.
Table 44-4 lists the successful validation requirements.
Table 44-4 Successful Certificate Validation Requirements
Certificates Must ...            How ...
Be linked to a trusted anchor:
Not be revoked:                  The revocation status of a certificate can be decided by checking:
You need to perform the following tasks to manage this store and validation:
The Trust Anchors keystore is managed using the keytool command.
Certificates added to the keystore are detected by the Certificate Validation module.
Notification is performed by using the JMX Notification Framework and may take some time, depending on the notification refresh interval (60 seconds by default).
Prerequisites for Managing the Trust Anchors Store (amtruststore)
To manage the Trust Anchors Store (amtruststore)
keytool -importcert -keystore $DOMAIN_HOME/config/fmwconfig/amtruststore -storetype JKS -alias orakey -file $CERT_FILE
The Security Token Service configuration stores the OCSP/CDP settings. To add or remove the certificate revocation lists (CRLs) used to check the revocation status of a certificate, perform the following operations.
You need to have your Certificate Revocation List ready so you can import it.
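The keytool management of amtruststore described above and the CRL preparation step, as an added shell example that is not part of the Oracle documentation. It wraps keytool so that the store password is read from the STOREPASS environment variable (keytool's -storepass:env form) rather than typed on the command line, refuses to import a trust anchor whose SHA-256 fingerprint does not match a value obtained out of band, and inspects a CRL's validity window with openssl before it is imported. DOMAIN_HOME, STOREPASS, REFRESH_SECONDS and every function name are this example's own assumptions; the keystore path and the orakey-style alias handling follow the page.

```shell
#!/bin/sh
# Added example (not Oracle's code): manage the Security Token Service trust
# anchors store with keytool and sanity-check a CRL before importing it.
# Assumes DOMAIN_HOME is the WebLogic domain directory and STOREPASS holds the
# keystore password (passed via -storepass:env so it stays out of ps and history).

# Path of the trust anchors keystore under the domain's fmwconfig directory.
trust_store_path() {
    printf '%s/config/fmwconfig/amtruststore\n' "${1:?DOMAIN_HOME required}"
}

# JKS aliases are case-insensitive and stored in lower case; normalise first so
# "OraKey" and "orakey" are not mistaken for two different anchors.
normalize_alias() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z'
}

# Compare two SHA-256 fingerprints regardless of case or colon separators.
fingerprint_matches() {
    a=$(printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint of a PEM or DER certificate file, as printed by keytool.
cert_sha256() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: *//p' | head -n 1
}

# Import a CA certificate as a trust anchor only when its fingerprint matches the
# expected value: an anchor added blindly trusts every assertion signer under it.
import_trust_anchor() {
    ks=$(trust_store_path "$1"); alias=$(normalize_alias "$2"); cert=$3; expected=$4
    [ -r "$cert" ] || { echo "certificate not readable: $cert" >&2; return 1; }
    actual=$(cert_sha256 "$cert")
    fingerprint_matches "$expected" "$actual" || {
        echo "fingerprint mismatch for $cert: got $actual" >&2; return 1; }
    keytool -importcert -noprompt -keystore "$ks" -storetype JKS \
        -storepass:env STOREPASS -alias "$alias" -file "$cert"
}

# Exit status 0 when the alias exists in the store (keytool -list -alias fails otherwise).
anchor_present() {
    keytool -list -keystore "$(trust_store_path "$1")" -storetype JKS \
        -storepass:env STOREPASS -alias "$(normalize_alias "$2")" >/dev/null 2>&1
}

# Print a CRL's validity window before importing it; a CRL whose nextUpdate has
# passed cannot give a trustworthy revocation answer.
crl_validity() {
    inform=DER
    grep -q 'BEGIN X509 CRL' "$1" && inform=PEM
    openssl crl -inform "$inform" -in "$1" -noout -lastupdate -nextupdate
}

# Usage: script import ALIAS CERT_FILE EXPECTED_SHA256 | check ALIAS | crl CRL_FILE
case "${1:-}" in
    import) import_trust_anchor "$DOMAIN_HOME" "$2" "$3" "$4" &&
            echo "imported; the validation module picks it up within ${REFRESH_SECONDS:-60}s" ;;
    check)  anchor_present "$DOMAIN_HOME" "$2" && echo "anchor $2 present" ;;
    crl)    crl_validity "$2" ;;
esac
```

After an import, allow for the JMX notification refresh interval (60 seconds by default) before expecting the Certificate Validation module to use the new anchor; the check subcommand only confirms the alias is in the keystore, not that the module has reloaded.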
You must perform the following tasks to manage Certificate Validation and Revocation lists:
From the Oracle Access Management Console System Configuration tab, Common Configuration section, select Certificate Validation.
Optionally, if a particular deployment requires a set of trust anchors separate from that of Access Manager, another keystore can be configured as the trusted certificate store for Security Token Service.
This can be done by having the Administrator perform the following tasks.
You can deploy a custom keystore for a Trusted Certificate.
To deploy a custom keystore: