ODSEE - Client Certificate-Based Authentication Over SSL to Oracle Directory Server (Part II)
(Doc ID 1287204.1)
Last updated on OCTOBER 13, 2022
Applies to:
Oracle Directory Server Enterprise Edition - Version 6.3 and later
Information in this document applies to any platform.
Purpose
This document is divided into 2 parts:
Server secure connection over SSL to Oracle Directory Server (Part I) - Document 1228193.1
Client certificate-based authentication over SSL to Oracle Directory Server (Part II) is covered below in this document.
SSL Workflow between Client and Server
Below is the control flow between client and server to establish client authentication with binary verification of the user certificate.
Client sends client_hello to Server
Server responds with server_hello, and its certificate. Server requests the client certificate
Client replies with its certificate and exchanges the session key
SSL connection established
Server searches the directory for the entry whose DN matches the subject DN of the client certificate. In our example here it is cn=USER.1,ou=people,<SUFFIX_DN>
From the user entry cn=USER.1,ou=people,<SUFFIX_DN>, the server fetches the value of the "userCertificate" attribute, which must be an exact copy of the client's certificate. The server compares this value with the presented certificate to verify the client's identity for binding to the directory.
After authentication, the LDAP operation will be performed as usual
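The following is an added example (not code from this document or from ODSEE) that mimics the last two server-side steps above with the Python standard library: it looks up the entry named by the certificate's subject DN in a constructed LDIF entry and accepts the bind only if the presented certificate is a byte-for-byte copy of a userCertificate value. The certificate bytes, the suffix dc=example,dc=com and the plain string comparison of DNs are assumptions made for the example; the second "renewed" certificate shows the common failure where a client gets a re-issued certificate but the directory copy is never updated.

```python
import base64
import hmac
import ssl

# Constructed sample, not a real X.509 certificate: arbitrary bytes standing in
# for the DER encoding the client presents during the TLS handshake.
CLIENT_CERT_DER = b"\x30\x82\x01\x00" + bytes(range(256))
CLIENT_CERT_PEM = ssl.DER_cert_to_PEM_cert(CLIENT_CERT_DER)
# Constructed: a re-issued certificate whose copy in the directory was never updated.
RENEWED_CERT_PEM = ssl.DER_cert_to_PEM_cert(CLIENT_CERT_DER[:-1] + b"\x01")
SUBJECT_DN = "cn=USER.1,ou=people,dc=example,dc=com"   # <SUFFIX_DN> assumed


def make_ldif_entry(dn, cert_der):
    """Build a constructed user entry whose userCertificate holds cert_der,
    base64-encoded ('::') and folded with space-prefixed continuation lines."""
    b64 = base64.b64encode(cert_der).decode()
    folded = "\n ".join(b64[i:i + 76] for i in range(0, len(b64), 76))
    return (f"dn: {dn}\nobjectClass: inetOrgPerson\ncn: USER.1\n"
            f"userCertificate;binary:: {folded}\n")


LDIF_TEXT = make_ldif_entry(SUBJECT_DN, CLIENT_CERT_DER)


def entry_values(ldif_text, dn, attr):
    """Return the decoded values of `attr` from the entry with the given dn.
    DN comparison is a plain case-insensitive string match (simplification)."""
    unfolded = ldif_text.replace("\n ", "")           # undo LDIF line folding
    for block in unfolded.split("\n\n"):
        lines = [l for l in block.splitlines() if l]
        if not lines or not lines[0].lower().startswith("dn:"):
            continue
        if lines[0][3:].strip().lower() != dn.lower():
            continue
        values = []
        for line in lines[1:]:
            name, _, rest = line.partition(":")
            if name.split(";")[0].lower() != attr.lower():   # ignore ;binary option
                continue
            if rest.startswith(":"):                 # '::' marks a base64 value
                values.append(base64.b64decode(rest[1:].strip()))
            else:
                values.append(rest.strip().encode())
        return values
    return []


def verify_client_cert(ldif_text, subject_dn, presented_pem):
    """Mimic the server-side check: the presented certificate must be a
    byte-for-byte copy of a userCertificate value on the subject's entry."""
    presented_der = ssl.PEM_cert_to_DER_cert(presented_pem)
    stored = entry_values(ldif_text, subject_dn, "userCertificate")
    return any(hmac.compare_digest(v, presented_der) for v in stored)
```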
Questions and Answers