OIF 11g : How to configure OIF 11g to verify the signatures on incoming messages

(Doc ID 1296564.1)

Last updated on JUNE 06, 2017

Applies to:

Oracle Identity Federation - Version 11.1.1.1 to 11.1.1.4.0 [Release 11g]
Information in this document applies to any platform.

Goal

This "How To" note shows how to configure OIF to require that the incoming messages it receives, such as assertions, are digitally signed, and to verify those signatures.

First, a few facts about PKI to help you understand what happens when messages are digitally signed and then verified.

PKI stands for Public/Private Key Infrastructure. A certificate authority (aka CA) will issue a "key pair", so called because the CA issues a Private key together with a corresponding Public key.

A Private key is used to digitally sign a message; only the corresponding Public key can verify that the signature on the message was actually produced by that Private key. This certifies that the message came from whoever is in possession of the Private key.

The Private key must never be shared with anyone.

The Public key not only validates signatures on messages signed by the Private key; it can also encrypt messages that only the Private key can decrypt. The Public key cannot decrypt messages it has encrypted. Think of the Public key as a key that can lock a box but is unable to unlock the same box it locked. Messages encrypted with the Public key can only be deciphered with the Private key.
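The signing, verification and encryption behaviour described above, as an added Go example using only the standard library (not code from this note or from OIF itself). It assumes a locally generated RSA key pair in place of a CA-issued one, and the message is a constructed stand-in for an assertion.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyPair wraps the private key; only PublicKey() is ever handed to a verifier.
type KeyPair struct{ priv *rsa.PrivateKey }
// NewKeyPair generates a 2048-bit RSA pair locally (in the note a CA issues it).
func NewKeyPair() (*KeyPair, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyPair{priv: priv}, nil
}

func (k *KeyPair) PublicKey() *rsa.PublicKey { return &k.priv.PublicKey }
// Sign hashes the message with SHA-256 and signs the digest with the private key.
func (k *KeyPair) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, k.priv, crypto.SHA256, digest[:])
}

// Verify needs only the public key and fails for a tampered message or wrong key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Encrypt locks the box with the public key (RSA-OAEP); only Decrypt can open it.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func (k *KeyPair) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k.priv, ct, nil)
}

func main() {
	kp, _ := NewKeyPair()
	msg := []byte("constructed sample assertion: subject=alice") // constructed input
	sig, _ := kp.Sign(msg)
	fmt.Println(Verify(kp.PublicKey(), msg, sig), Verify(kp.PublicKey(), []byte("subject=bob"), sig)) // true false
}
```

The test below also checks that a signature is rejected under a different key pair and that an OAEP round trip recovers the plaintext, which is the same one-way property the note's lock-box analogy describes.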


Solution
