Layer 7 Access Management

oAuth Client certificate Chaining

  • 1.  oAuth Client certificate Chaining

    Posted 07-19-2019 09:47 AM
    Hi All,

    we have setup oAuth client in siteminder with our third party partner in which we had to import the partners HTTP SSL certificate chain in Siteminder, once we import those all certificate chains the oAuth works fine we are able to use the token to log in to the application.

     But the challenge we are thinking is: the oAuth logins will start failing if the partner decided to change the SSL Certificate, I think, if we have an oAuth setup with google/facebook/LinkedIn we need to import the SSL certificate and if google/facebook/LinkedIn or partner decides to change the certificate logins will fail with updating the certificates in siteminder, and we don't expect google/facebook/LinkedIn to inform about SSL certificate change, what we can do if google/facebook/LinkedIn decides to change certificate without prior information and without breaking the system.