Add an X.509 Authenticated Identity Provider

Adding an X.509 authenticated identity provider allows users to login using two-way SSL.

Two-way SSL ensures that both the client and the server authenticate each other by sharing their public certificates and then verification is performed based on those certificates.

Prerequisites

• Enable X.509 certificate validation. See Enable X.509 Certificate Authentication.

• Import a trusted partner certificate. See Import a Trusted Partner Certificate.

1. In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click Identity Providers.
2. Click Add X509 IDP.
3. Select the Signing Certificate Aliases.
4. Choose a Matching Attribute Type.
   • Default Filter: Use the default filter to associate Oracle Identity Cloud Service user attributes to certificate attributes.
   • Simple Filter: Use the simple filter to select an Oracle Identity Cloud Service user attribute to associate it to a certificate attribute.
   • Advanced Filter: Use the advanced filter to create a custom filter to associate Oracle Identity Cloud Service user attributes to certificate attributes. For example, you can use username eq “(assertion.subject.cn)” or emails.primary sw “(assertion.serialNumber)”.
5. Click Save.