Contents
The Find Certificate filter locates a certificate and sets it in the message for use by other certificate-based filters. Certificates can be extracted from the certificate store, user store, message attribute selectors, HTTP headers, or attachments.
By default, API Gateway Explorer stores the extracted certificate in
the certificate message attribute. However, it
can store the certificate in any message attribute, including any
arbitrary attribute (for example,
user_certificate). The certificate can
be extracted from this attribute by a successor filter in the policy.
Name:
Enter an appropriate name for the filter.
Attribute Name:
Enter or select the name of the message attribute to store the extracted certificate in. When the target message attribute has been selected, the next step is to specify the location of the certificate from one of the following options.
Certificate Store:
Click the Select button, and select a certificate from the certificate store.
User:
This field provides an alternative way to specify the user certificate. You can enter an explicitly named user in the API Gateway Explorer user store, or you can enter a selector expression that evaluates to a string that contains the name of a user in the user store. For example:
${authentication.subject.id}
![[Tip]](../common_oracle/images/admon/tip.png) |
Tip |
|---|---|
| You can associate a certificate with this user using the Signing Key option in the user configuration. For more details, see ???. In this way, the specified user name is used to retrieve the certificate associated with that user. |
Selector Expression:
You can specify a selector expression by enclosing the message attribute name that
contains the certificate in curly brackets, and prefixing this with $
(for example, ${certificate}). Using a selector is a more flexible
way of locating certificates than specifying the user directly.
![[Note]](../common_oracle/images/admon/note.png) |
Note |
|---|---|
| This selector expression must return an X.509 certificate. Selectors used in other fields return a string that is then used to look up the certificate (for example, in the certificate store, user store, HTTP header, or attachment). |
HTTP Header Name:
Enter the name of the HTTP header that contains the certificate. Alternatively, you can enter a selector expression that evaluates to a string that contains the HTTP header name, and whose value is the certificate.
Attachment Name:
Enter the name of the attachment (Content-Id) that contains the
certificate. Alternatively, you can enter a selector expression that evaluates
to a string that contains the ID of the attachment that encapsulates the
certificate.
Certificate Alias:
Enter the alias name of the certificate. Alternatively, you can enter a selector expression that evaluates to a string that contains the certificate alias in the certificate store.
For more details on selector expressions, see Select configuration values at runtime.
