Can I use separate certificates for each interface with my customer portal SSO implementation?
Oracle Service Cloud - all releases
When implementing SSO for the customer portal, it is possible to use separate certificates, one for each interface, if business needs require this type of implementation.
All of the certificates need to be added to the "Additional Root Certificates" directory in the File Manager, and the SAML_20_SIGN_Certs configuration setting must then be updated to contain all of the corresponding fingerprints.
There is, however, one important restriction to take into account: when opting for this type of implementation, one must ensure that the "Issued to" and "Issued by" fields on the certificates are not the same, i.e. the certificates have separate issuers.
Otherwise, when the certificates have the same issuer, the SSO implementation will fail to work concurrently on all interfaces. This also applies when two certificates with the same issuer and subject are used to authenticate with the agent console and the customer portal, or when you are using Identity Provider initiated SSO to log in to different interfaces for the agent console.
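The issuer restriction above can be checked locally before the certificates are uploaded. The script below is an added example, not Oracle code: it lists the fingerprint, issuer and subject of each certificate and reports any issuer that appears more than once. It assumes PEM files with a `.pem` extension in one local directory and OpenSSL on the PATH. The function names and sample certificate names are hypothetical, and the SHA-1 colon-separated fingerprint is simply OpenSSL's output format, so confirm the format the configuration setting expects.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a directory of PEM signing certificates.
# Assumptions: local *.pem files, OpenSSL on PATH, SHA-1 fingerprints.

# Emit one tab-separated row per certificate: file, fingerprint, issuer, subject.
list_sso_certs() {
    local dir=$1 f fp issuer subject
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || continue
        fp=$(openssl x509 -in "$f" -noout -fingerprint -sha1) || return 2
        issuer=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253) || return 2
        subject=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253) || return 2
        printf '%s\t%s\t%s\t%s\n' "${f##*/}" "${fp#*=}" \
            "${issuer#issuer=}" "${subject#subject=}"
    done
}

# Print every issuer DN carried by more than one certificate.
# Returns 0 when all issuers are distinct, 1 when any issuer is shared.
shared_issuers() {
    local rows dups
    rows=$(list_sso_certs "$1") || return 2
    dups=$(printf '%s\n' "$rows" | cut -f3 | sort | uniq -d)
    [ -z "$dups" ] && return 0
    printf '%s\n' "$dups"
    return 1
}

# Constructed sample input: a throwaway self-signed certificate whose issuer
# and subject are both CN=$2 (hypothetical names, for demonstration only).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "${1%.pem}.key" -out "$1" 2>/dev/null
}

# Demo: run with --demo to check two constructed certificates.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample_cert "$tmp/interface_a.pem" "idp-a.example"
    make_sample_cert "$tmp/interface_b.pem" "idp-b.example"
    list_sso_certs "$tmp"
    if shared_issuers "$tmp" >/dev/null; then echo "issuers are distinct"; fi
    rm -rf "$tmp"
fi
```

A non-zero return from `shared_issuers` means at least two certificates in the directory carry the same issuer, which is the condition described above.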
For more information on how to implement SSO for the customer portal, please see our documentation: Overview of SAML 2.0 Open Login