Add an X.509 Authenticated Identity Provider
Adding an X.509 authenticated identity provider allows users to log in using two-way SSL.
In two-way SSL, the client and the server authenticate each other: each side presents its public certificate, and the other side verifies it.
Prerequisites
- Enable X.509 certificate validation. See Enable X.509 Certificate Authentication.
- Import a trusted partner certificate. See Import a Trusted Partner Certificate.
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click Identity Providers.
- Click Add X509 IDP.
- Select the Signing Certificate Aliases.
- Choose a Matching Attribute Type.
  - Default Filter: Use the default filter to associate Oracle Identity Cloud Service user attributes with certificate attributes.
  - Simple Filter: Use the simple filter to select an Oracle Identity Cloud Service user attribute and associate it with a certificate attribute.
  - Advanced Filter: Use the advanced filter to create a custom filter that associates Oracle Identity Cloud Service user attributes with certificate attributes. For example, you can use username eq "(assertion.subject.cn)" or emails.primary sw "(assertion.serialNumber)".
- Click Save.
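The following is an added example, not Oracle code: a simplified model of how the two advanced filters above select a user from certificate attributes, written with straight quotes. The sample certificate values, the user records, and the function names are constructed for illustration, and the fail-closed handling of ambiguous matches is an assumption about what a reviewer should check, not documented product behavior.

```python
import re

# Constructed sample data: values a client certificate might carry and a
# small user directory. None of these come from a real tenant.
ASSERTION = {
    "assertion.subject.cn": "jdoe",
    "assertion.serialNumber": "4f2a",
}
USERS = [
    {"username": "jdoe", "emails.primary": "jdoe@example.com"},
    {"username": "asmith", "emails.primary": "4f2a@example.com"},
    {"username": "svc-4f2a", "emails.primary": "4f2a-svc@example.com"},
]

# Accepts only the single-clause form shown on this page:
#   <user attribute> eq|sw "(<certificate attribute>)"
FILTER_RE = re.compile(r'^\s*([\w.]+)\s+(eq|sw)\s+"\(([\w.]+)\)"\s*$')


def match_users(filter_expr, assertion, users):
    """Return every user record selected by the filter."""
    m = FILTER_RE.match(filter_expr)
    if not m:
        raise ValueError(f"unsupported filter: {filter_expr!r}")
    attr, op, placeholder = m.groups()
    value = assertion.get(placeholder)
    if not value:
        # A missing certificate attribute must match nobody; an empty
        # value combined with sw would otherwise select every user.
        return []
    if op == "eq":  # exact match (case-sensitive in this model)
        return [u for u in users if u.get(attr) == value]
    # sw: prefix match, which can select more than one user
    return [u for u in users if u.get(attr, "").startswith(value)]


def resolve(filter_expr, assertion, users):
    """Map the certificate to exactly one username, or return None."""
    hits = match_users(filter_expr, assertion, users)
    return hits[0]["username"] if len(hits) == 1 else None


if __name__ == "__main__":
    for expr in ('username eq "(assertion.subject.cn)"',
                 'emails.primary sw "(assertion.serialNumber)"'):
        print(expr, "->", resolve(expr, ASSERTION, USERS))
```

With this sample data the `eq` filter resolves to one user, while the `sw` filter matches two records and is rejected, which is the case to test for before saving a prefix-based filter.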