Add an X.509 Authenticated Identity Provider

Use an X.509 authenticated identity provider with certificate-based authentication to meet FedRAMP requirements and to support Personal Identity Verification (PIV) cards.

Adding an X.509 authenticated identity provider allows users to log in using two-way SSL. With two-way SSL, the client and the server authenticate each other: each side presents its public certificate, and each verifies the certificate presented by the other.

Prerequisites

  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click Identity Providers.
  2. Click Add X509 IDP.
  3. Select the Signing Certificate Aliases.
  4. Choose a Matching Attribute Type.
    • Default Filter: Use the default filter to associate Oracle Identity Cloud Service user attributes to certificate attributes.
    • Simple Filter: Use the simple filter to select an Oracle Identity Cloud Service user attribute to associate it to a certificate attribute.
    • Advanced Filter: Use the advanced filter to create a custom filter to associate Oracle Identity Cloud Service user attributes to certificate attributes. For example, you can use username eq "(assertion.subject.cn)" or emails.primary sw "(assertion.serialNumber)".
  5. Click Save.
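To illustrate how an advanced filter such as username eq "(assertion.subject.cn)" maps a presented certificate to a directory user, here is a small evaluator added as an example; it is not Oracle Identity Cloud Service code. The user records, the certificate attributes and the function names are constructed for the example, and it deliberately refuses to match when the certificate attribute is empty or when the filter matches zero or several users.

```python
import re

# Constructed sample user directory (not real accounts).
USERS = [
    {"username": "alice", "emails": {"primary": "alice@example.com"}},
    {"username": "bob", "emails": {"primary": "bob@example.com"}},
]

# Constructed attributes extracted from a client certificate after two-way SSL.
ASSERTION = {"subject": {"cn": "alice"}, "serialNumber": "bob@example"}

# Operators the page's filter examples use: eq (equals) and sw (starts with).
OPERATORS = {
    "eq": lambda user_val, cert_val: user_val == cert_val,
    "sw": lambda user_val, cert_val: user_val.startswith(cert_val),
}


def lookup(obj, dotted):
    """Resolve a dotted path such as 'emails.primary' inside nested dicts."""
    for part in dotted.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj


def resolve_assertion(value, assertion):
    """Replace every (assertion.<path>) placeholder with the certificate attribute."""
    def substitute(match):
        found = lookup(assertion, match.group(1))
        if found is None:
            raise ValueError(f"certificate has no attribute {match.group(1)}")
        return str(found)
    return re.sub(r"\(assertion\.([\w.]+)\)", substitute, value)


def match_user(filter_expr, assertion, users):
    """Return the single user selected by the filter, or None if none or several match."""
    parsed = re.fullmatch(r'\s*([\w.]+)\s+(eq|sw)\s+"([^"]*)"\s*', filter_expr)
    if not parsed:
        raise ValueError("unsupported filter: " + filter_expr)
    attr, op, raw = parsed.groups()
    cert_val = resolve_assertion(raw, assertion)
    if not cert_val:
        # An empty value would make 'sw' match every user; never authenticate on it.
        raise ValueError("certificate attribute is empty; refusing to match")
    matches = [u for u in users
               if isinstance(lookup(u, attr), str) and OPERATORS[op](lookup(u, attr), cert_val)]
    return matches[0] if len(matches) == 1 else None
```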