How to Configure Oracle Virtual Directory (OVD) Plugin to Present a Certificate to an External Service When the External Service Host is Not Configured via the Adapter Setting?

(Doc ID 2333610.1)

Last updated on DECEMBER 04, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.0 and later
Information in this document applies to any platform.

Goal

How to configure Oracle Virtual Directory (OVD or OVID) to present a certificate to an external service from a plugin when the external service host is not configured via the adapter setting?

For example, an adapter is configured to connect to an LDAP server, but the plugin makes an additional call to some other two-way SSL enabled service. If the keystore and trust store are set via system properties, the certificate is presented to the external service. Without the system properties set, OVID will not present a certificate. Is there a way through configuration or some other mechanism to force OVID to present a certificate?

More detailed example: There is a custom plugin that connects to an LDAP server, as would be expected when using OVD. An additional requirement could be that the plugin captures an event intended for the LDAP server and forwards it to a JMS provider or a REST endpoint. The JMS provider and/or REST endpoint requires a 2-way SSL connection. The problem is that the OVD server appears not to use any certificates when making a call to "external" services. The workaround is to set system properties in the code, but this configuration is not desired because one could attach to the process and gain access to the system properties (i.e. the passwords).
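The contrast described above, as an added example that is not taken from Oracle's note and is not the note's solution: the system-property workaround next to a standard JSSE `SSLContext` built for one outbound call. The class name, method names, keystore paths and the way passwords reach the plugin are hypothetical, and the key password is assumed to equal the keystore password.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper for a custom plugin; not an OVD API.
public class PluginTlsClient {
    // Workaround from the text: JVM-wide, and the passwords stay readable
    // through System.getProperties() for the life of the process.
    static void systemPropertyWorkaround(String ksPath, String ksPass, String tsPath, String tsPass) {
        System.setProperty("javax.net.ssl.keyStore", ksPath);
        System.setProperty("javax.net.ssl.keyStorePassword", ksPass);
        System.setProperty("javax.net.ssl.trustStore", tsPath);
        System.setProperty("javax.net.ssl.trustStorePassword", tsPass);
    }

    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pass);
        }
        return ks;
    }

    // Scoped alternative: the client certificate is bound to one SSLContext
    // and no password is published as a system property.
    static SSLContext scopedContext(String ksPath, char[] ksPass, String tsPath, char[] tsPass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(ksPath, ksPass), ksPass); // assumption: key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(tsPath, tsPass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        Arrays.fill(ksPass, '\0'); // wipe our copies once the context is built
        Arrays.fill(tsPass, '\0');
        return ctx;
    }

    // Attach the context to a single outbound HTTPS call, e.g. the REST endpoint.
    static HttpsURLConnection open(URL endpoint, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) endpoint.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn;
    }
}
```

The private key still resides in process memory in both variants; what changes is that the store passwords are no longer exposed as JVM-wide properties and the client certificate applies only to connections that use this context.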

Solution
