Document how to enable XML encryption (6275563)

To enable XML encryption for either Access Manager or Federation Manager using the Bouncy Castle JAR file to generate a transport key, follow these steps:

1. If you are using a JDK version earlier than JDK 1.5, download the Bouncy Castle JCE provider from the Bouncy Castle site (http://www.bouncycastle.org/). For example, for JDK 1.4, download the bcprov-jdk14-131.jar file.

2. If you downloaded a JAR file in the previous step, copy the file to the jdk_root/jre/lib/ext directory.

3. For the domestic version of the JDK, download the JCE Unlimited Strength Jurisdiction Policy Files from the site (http://www.oracle.com/technetwork/java/index.html) for your version of the JDK. For IBM WebSphere, go to the corresponding IBM site to download the required files.

4. Copy the downloaded US_export_policy.jar and local_policy.jar files to the jdk_root/jre/lib/security directory.

5. If you are using a JDK version earlier than JDK 1.5, edit the jdk_root/jre/lib/security/java.security file and add Bouncy Castle as one of the providers. For example:

   security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

6. Set the following property in the AMConfig.properties file to true:

   com.sun.identity.jss.donotInstallAtHighestPriority=true

7. Restart the Access Manager web container.

For more information, refer to problem ID 5110285 (XML encryption requires Bouncy Castle JAR file).