Sun Java System SAML v2 Plug-in for Federation Services Release Notes

Enable XML Encryption for Access Manager or Federation Manager using the Bouncy Castle JAR

If you want to enable the XML encryption feature and your web container is running JDK 1.4, or you are running IBM WebSphere (JDK 1.4 and 1.5) as your web container, follow this procedure to use Bouncy Castle to generate a transport key.

Note –

The Bouncy Castle Crypto API is a Java implementation of cryptographic algorithms.

  1. Download the Bouncy Castle provider from Bouncy Castle.

    For example, if using JDK 1.4, download the bcprov-jdk14-136.jar.

  2. Copy the downloaded file to the jdk_root/jre/lib/ext directory.

  3. OPTIONAL: If using the domestic version of the JDK, download the appropriate JCE Unlimited Strength Jurisdiction Policy Files from

    Note –

    If using IBM WebSphere, go to to download additional required files.

  4. OPTIONAL: Copy the downloaded US_export_policy.jar and local_policy.jar files to the jdk_root/jre/lib/security directory.

  5. Edit the jdk_root/jre/lib/security/ file to add Bouncy Castle as one of the providers.

    For example, security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

  6. Set the com.sun.identity.jss.donotInstallAtHighestPriority property in the file to true.

  7. Restart the web container.
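
To confirm the result of the procedure above, the following added example (not part of the original release notes or the product) checks that Bouncy Castle is registered, that a key can be generated through it, and whether the optional policy files from steps 3 and 4 are in effect. The class name `BcProviderCheck` and the choice of AES are assumptions for illustration; run it with the same JRE the web container uses.

```java
import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class name). AES is an assumed algorithm.
// Written without generics or for-each so it also compiles on JDK 1.4.
public class BcProviderCheck {
    // Returns the 1-based position of the named provider, or -1 if absent.
    static int providerPosition(String name) {
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            if (providers[i].getName().equals(name)) return i + 1;
        }
        return -1;
    }

    // True if the installed jurisdiction policy permits 256-bit AES keys.
    static boolean allowsAes256() throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[32], "AES"));
            return true;
        } catch (InvalidKeyException e) {   // how newer JDKs report the limit
            return false;
        } catch (SecurityException e) {     // how older JDKs report the limit
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        int pos = providerPosition("BC");   // "BC" is BouncyCastleProvider's name
        if (pos < 0) {
            System.out.println("Bouncy Castle is NOT registered; recheck steps 2 and 5.");
            return;
        }
        System.out.println("Bouncy Castle registered at position " + pos);
        // Generate a 128-bit key explicitly through the BC provider.
        KeyGenerator kg = KeyGenerator.getInstance("AES", "BC");
        kg.init(128);
        SecretKey key = kg.generateKey();
        System.out.println("Generated " + key.getAlgorithm() + " key, "
                + (key.getEncoded().length * 8) + " bits");
        System.out.println("256-bit AES permitted: " + allowsAes256());
    }
}
```

If the last line prints `false`, the limited-strength policy files are still in place, which is expected when steps 3 and 4 were skipped.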