Oracle Access Manager (OAM) How To Configure LDAP SSL Communication For An Identity Store (Doc ID 1503942.1)

Last updated on MARCH 17, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.3.210611 and later
Information in this document applies to any platform.

Oracle Access Manager (OAM) authenticates users against LDAP server.
An OAM User Identity Stores contains the configuration to access the LDAP server.
This note explains the steps required for OAM to establish LDAP connections via SSL.
This note does not cover how to configure LDAP server for SSL or how to export LDAP Server SSL certificates.

Background

Oracle Access Manager supports LDAP SSL "No-Authentication" and SSL "Server Authentication" communication.
The SSL "no-authentication" mode encrypts the data without exchanging a certificate between the LDAP server and the OAM Server.
Oracle Internet Directory and Oracle Virtual Directory support the SSL "no-authentication" mode.
Most LDAP server configured for SSL use the "Server Authentication" mode.
This means during the SSL handshake the LDAP server sends a certificate to the LDAP client.
The LDAP client trusts the LDAP server certificate, if the root certificate of the Certificate Authority ( CA ) , which signed the certificate of the LDAP server, is loaded to the LDAP client certificate trust store. For OAM it means the root CA certificate has to be imported to the OAM trust keystore.

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.