To enable XML encryption for either Access Manager or Federation Manager using the Bouncy Castle JAR file to generate a transport key, follow these steps:
If you are using a JDK version earlier than JDK 1.5, download the Bouncy Castle JCE provider from the Bouncy Castle site (http://www.bouncycastle.org/). For example, for JDK 1.4, download the bcprov-jdk14-131.jar file.
If you downloaded a JAR file in the previous step, copy the file to the jdk_root/jre/lib/ext directory.
For the domestic version of the JDK, download the JCE Unlimited Strength Jurisdiction Policy Files from the Sun site (http://www.oracle.com/technetwork/java/index.html) for your version of the JDK. For IBM WebSphere, go to the corresponding IBM site to download the required files.
Copy the downloaded US_export_policy.jar and local_policy.jar files to the jdk_root/jre/lib/security directory.
If you are using a JDK version earlier than JDK 1.5, edit the jdk_root/jre/lib/security/java.security file and add Bouncy Castle as one of the providers. For example:
security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
Set the following property in the AMConfig.properties file to true:
com.sun.identity.jss.donotInstallAtHighestPriority=true
Restart the Access Manager web container.
For more information, refer to problem ID 5110285 (XML encryption requires Bouncy Castle JAR file).