How To Make An Oracle API Gateway Policy Validate Client's Certificate? (Doc ID 1914738.1)

Last updated on SEPTEMBER 02, 2016

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Goal

Use the SSL filter in a policy to validate the user based on the client certificate passed in the request.

To use this filter, it is necessary to create a user and add the user to a group, which the Check Group Membership filter uses when the user's request reaches the OAG policy. OAG checks whether the user is in the group and returns an error if the user is not in the specified group.

There is a further requirement to check the certificate against the OAG certificate store to ensure it is trusted. In this case, the OAG policy should not just compare the user name and skip the comparison of the user's certificate.
 
What filters are required to perform this task in an OAG policy?
 

Solution
