Sun Java System SAML v2 Plug-in for Federation Services Release Notes

Enable XML Encryption for Access Manager or Federation Manager using the Bouncy Castle JAR

If you want to enable the XML encryption feature and your web container is running JDK 1.4, or you are running IBM WebSphere (JDK 1.4 and 1.5) as your web container, follow this procedure to use Bouncy Castle to generate a transport key.


Note –

The Bouncy Castle Crypto API is a Java implementation of cryptographic algorithms.


  1. Download the Bouncy Castle provider from Bouncy Castle.

    For example, if using JDK 1.4, download the bcprov-jdk14-136.jar.

  2. Copy the downloaded file to the jdk_root/jre/lib/ext directory.

  3. OPTIONAL: If using the domestic version of the JDK, download the appropriate JCE Unlimited Strength Jurisdiction Policy Files from java.sun.com.


    Note –

    If using IBM WebSphere, go to http://www.ibm.com to download additional required files.


  4. OPTIONAL: Copy the downloaded US_export_policy.jar and local_policy.jar files to the jdk_root/jre/lib/security directory.

  5. Edit the jdk_root/jre/lib/security/java.security file to add Bouncy Castle as one of the providers.

    For example, security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

  6. Set the com.sun.identity.jss.donotInstallAtHighestPriority property in the AMConfig.properties file to true.

  7. Restart the web container.
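
The following check for steps 5 and 6 is an added example, not part of the original release notes or of Sun's software. It assumes the two files are passed as paths, and the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: verifies steps 5 and 6 of the procedure above.
BC_CLASS='org.bouncycastle.jce.provider.BouncyCastleProvider'
AM_PROP='com.sun.identity.jss.donotInstallAtHighestPriority'

# check_java_security FILE
# Walks security.provider.1, .2, ... the way the JDK does: the list ends at
# the first missing number, so an entry placed after a gap is never loaded.
# Commented-out lines are ignored.
check_java_security() {
    n=1
    while line=$(grep -E "^[[:space:]]*security\.provider\.$n[[:space:]]*=" "$1" | tail -n 1) &&
          [ -n "$line" ]; do
        case "${line#*=}" in
            *"$BC_CLASS"*) echo "Bouncy Castle registered at position $n"; return 0 ;;
        esac
        n=$((n + 1))
    done
    echo "Bouncy Castle is not in the contiguous provider list (list ends before $n)" >&2
    return 1
}

# check_amconfig FILE
# Succeeds only if the property from step 6 is set to true (last assignment wins).
check_amconfig() {
    val=$(sed -n "s/^[[:space:]]*$AM_PROP[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '[:space:]')
    [ "$val" = "true" ] && return 0
    echo "$AM_PROP is '${val:-unset}', expected true" >&2
    return 1
}

# Demo on constructed sample files (not taken from a real installation).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'security.provider.1=sun.security.provider.Sun' \
        'security.provider.2=com.sun.net.ssl.internal.ssl.Provider' \
        "security.provider.3=$BC_CLASS" > "$d/java.security"
    printf '%s\n' "$AM_PROP=true" > "$d/AMConfig.properties"
    rc=0
    check_java_security "$d/java.security" && check_amconfig "$d/AMConfig.properties" || rc=1
    rm -rf "$d"
    return $rc
}
demo
```

Run both functions against your own jdk_root/jre/lib/security/java.security and AMConfig.properties after step 6 and before restarting the web container.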

6344530