Use an X.509 authenticated identity provider with certificate-based authentication to comply with FedRAMP requirements and to support Personal Identity Verification (PIV) cards.
Adding an X.509 authenticated identity provider allows users to log in using two-way SSL (mutual TLS). In two-way SSL the client and the server authenticate each other: each side presents its certificate, and each side verifies the certificate it receives before the session proceeds.
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click Identity Providers.
- Click Add X509 IDP.
- Select the Signing Certificate Aliases.
- Choose a Matching Attribute Type:
  - Default Filter: Use the default filter to associate Oracle Identity Cloud Service user attributes to certificate attributes.
  - Simple Filter: Use the simple filter to select an Oracle Identity Cloud Service user attribute and associate it with a certificate attribute.
  - Advanced Filter: Use the advanced filter to create a custom filter that associates Oracle Identity Cloud Service user attributes to certificate attributes. For example, you can use username eq "(assertion.subject.cn)" or emails.primary sw "(assertion.serialNumber)".
- Click Save.
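To make the matching-attribute filters concrete, the following Python is an added illustration, not Oracle's code or the service's actual matching logic: it evaluates a filter of the form shown above against attributes taken from an already-validated client certificate and refuses the login unless exactly one user account matches. The assertion layout, the user records, and the filter grammar (`eq` and `sw` only) are constructed assumptions.

```python
import re

# Constructed sample: attributes extracted from a client certificate whose
# chain has ALREADY been validated against the configured signing
# certificate aliases. Matching must never run on an unverified certificate.
SAMPLE_ASSERTION = {
    "subject": {"cn": "jdoe", "o": "Example Corp"},
    "serialNumber": "1234567890ABCDEF",
    "issuer": {"cn": "Example Corp Issuing CA"},
}

# Constructed sample user store, keyed by the attribute names used in the
# page's filter examples (username, emails.primary).
SAMPLE_USERS = [
    {"username": "jdoe", "emails.primary": "1234567890ABCDEF@example.com"},
    {"username": "asmith", "emails.primary": "asmith@example.com"},
    {"username": "jdoe2", "emails.primary": "jdoe2@example.com"},
]

# Hypothetical grammar: <user attribute> <eq|sw> "(assertion.<dotted path>)"
_FILTER_RE = re.compile(r'^(\S+)\s+(eq|sw)\s+"\(assertion\.([\w.]+)\)"$')


def parse_filter(expr):
    """Split a filter into (user attribute, operator, certificate path)."""
    m = _FILTER_RE.match(expr.strip())
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    return m.group(1), m.group(2), m.group(3)


def resolve(assertion, path):
    """Walk a dotted path such as subject.cn through the assertion dict."""
    node = assertion
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            raise KeyError(f"certificate attribute {path!r} is missing")
        node = node[part]
    return node


def match_user(expr, assertion, users):
    """Return the single user the filter selects; fail on 0 or >1 matches."""
    attr, op, path = parse_filter(expr)
    cert_value = str(resolve(assertion, path))
    if op == "eq":  # exact, case-sensitive comparison
        hits = [u for u in users if u.get(attr) == cert_value]
    else:           # "sw": user attribute starts with the certificate value
        hits = [u for u in users if str(u.get(attr, "")).startswith(cert_value)]
    if len(hits) != 1:  # ambiguous or empty matches must not log anyone in
        raise LookupError(f"{len(hits)} users matched {expr!r}; login refused")
    return hits[0]
```

Note that a prefix (`sw`) filter on a short value can select more than one account, which is why the lookup rejects anything other than exactly one hit.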