Understand Trusted Partner Certificates

In this topic, you learn about trusted partners and trusted partner certificates.

A trusted partner is any application or organization, remote to Oracle Identity Cloud Service, that communicates with Oracle Identity Cloud Service.

Oracle Identity Cloud Service uses identity propagation to communicate with a trusted partner. During identity propagation, a front-end Oracle Identity Management product, such as Oracle Access Manager, challenges a user and authenticates the user's credentials.

After the user's identity is validated, a token is generated. This token is used in place of a password to prove that the user is who he or she claims to be. The asserted identity is then passed to Oracle Identity Cloud Service. Because the identity has already been established, Oracle Identity Cloud Service trusts that it is a valid user identity and can use it as required.

For example, Oracle Identity Cloud Service receives a user assertion from Oracle Access Manager. As a result, a user can use Oracle Access Manager to log in to a portal associated with a trusted partner. This portal takes the user to the Home page of an order management system. The Home page displays the orders the user made from the order management system.

The first step in establishing a trusted partner is to determine the partner's role in the trust relationship. A trusted partner can be a source site (one that generates an SSO assertion) or a destination site (one that consumes an SSO assertion).

Currently, trusted partners generate SSO assertions that Oracle Identity Cloud Service consumes.

To ensure that the assertions are transmitted to Oracle Identity Cloud Service securely, the information contained in the assertions is protected using X.509 digital certificates. These certificates are known as trusted partner certificates.

Oracle Identity Cloud Service uses trusted partner certificates in Distinguished Encoding Rules (DER) format, that is, certificate files with a DER file extension.
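The following Go program, added here as an illustration and not Oracle's own code, shows the destination-site side of the relationship described above: a DER-encoded trusted partner certificate is parsed, checked against its validity period, and used to verify the signature on an SSO assertion. The certificate, the ECDSA P-256 key, and the JSON assertion body are constructed test data; how a particular partner actually encodes and signs its assertions is not covered by this topic.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// makePartnerCert returns a constructed self-signed DER certificate and its private key, standing in for a trusted partner's certificate (test data, not an Oracle artifact).
func makePartnerCert(now time.Time) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "partner.example.test"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return der, key, err
}

// signAssertion is the source site's step: sign the SSO assertion bytes with the partner's key.
func signAssertion(key *ecdsa.PrivateKey, assertion []byte) ([]byte, error) {
	digest := sha256.Sum256(assertion)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// verifyAssertion is the destination site's check: parse the DER certificate, confirm it is
// inside its validity period, then verify the assertion's signature with its public key.
func verifyAssertion(der, assertion, sig []byte, now time.Time) error {
	cert, err := x509.ParseCertificate(der) // rejects PEM, truncated or otherwise non-DER input
	if err != nil {
		return fmt.Errorf("trusted partner certificate is not valid DER: %w", err)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("trusted partner certificate is outside its validity period")
	}
	return cert.CheckSignature(x509.ECDSAWithSHA256, assertion, sig)
}
```

A tampered assertion, an expired certificate, or a PEM file supplied where DER is expected each cause verifyAssertion to return an error, so the asserted identity is never trusted in those cases.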