You can use system configuration attributes to:
Choose the SignedData format or the XMLSignedData format. Note that you can configure only one format at a time, although administrators can change this setting as needed.
Include a digital timestamp retrieved from a configured RFC 3161 Timestamp Authority (TSA).
Specify a URL, in HTTP only, from which to fetch this timestamp.
To edit these attributes, use the Identity Manager debug pages to edit the system configuration object. These attributes are all located under security.nonrepudiation, along with other signed approval attributes.
The XMLDSIG attributes include:
security.nonrepudiation.useXmlDigitalSignatures is a boolean value that enables XMLDSIG signatures.
security.nonrepudiation.timestampXmlDigitalSignatures is a boolean value that includes RFC 3161 digital timestamps in XMLDSIG signatures.
security.nonrepudiation.timestampServerURL is a string value where the URL points to the HTTP-based TSA from which to fetch timestamps.
You must first set the existing useSignedApprovals attribute to true for any of the preceding attributes to have an effect.
Identity Manager does not support multiple signatures on one approval or signed approvals for more general provisioning requests.