Sun OpenSSO Enterprise 8.0 Administration Reference

Trusted CA Signing Certificate Aliases

This attribute specifies the certificate aliases for trusted CAs. The SAML or SAML BEARER token of an incoming request message must be signed by a trusted CA in this list. The syntax is cert alias 1[:issuer 1]|cert alias 2[:issuer 2]|...

Example: myalias1:myissuer1|myalias2|myalias3:myissuer3.

The value issuer is used when the token does not have a KeyInfo inside of the signature. The issuer of the token must be in this list and the corresponding certificate alias will be used to verify the signature. If KeyInfo exists, the keystore must contain a certificate alias that matches the KeyInfo and the certificate alias must be in this list.
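The following sketch is an added example, not OpenSSO code. It parses the attribute value and applies the two selection rules described above. The function names, the dictionary standing in for the keystore, and the choice to split each entry on the first colon only are assumptions made for illustration.

```python
# Added illustration; not OpenSSO source code.
from typing import Dict, List, Optional, Tuple

Entry = Tuple[str, Optional[str]]  # (certificate alias, issuer or None)

def parse_trusted_aliases(value: str) -> List[Entry]:
    """Parse 'alias1[:issuer1]|alias2[:issuer2]|...' into (alias, issuer) pairs."""
    entries = []
    for item in value.split("|"):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing or doubled '|'
        # Assumption: split on the first ':' only, so an issuer containing ':' survives.
        alias, _, issuer = item.partition(":")
        alias, issuer = alias.strip(), issuer.strip()
        if not alias:
            raise ValueError("entry %r has no certificate alias" % item)
        entries.append((alias, issuer or None))
    return entries

def select_verification_alias(entries: List[Entry], token_issuer: Optional[str],
                              keyinfo_cert: Optional[str],
                              keystore: Dict[str, str]) -> Optional[str]:
    """Return the alias to verify the signature with, or None to reject the token.

    keystore maps a certificate identifier to its alias (a stand-in for a real keystore).
    keyinfo_cert identifies the certificate in the signature's KeyInfo, or is None.
    """
    if keyinfo_cert is not None:
        # KeyInfo present: the keystore must hold a matching alias, and it must be listed.
        alias = keystore.get(keyinfo_cert)
        return alias if alias in {a for a, _ in entries} else None
    # No KeyInfo: the token issuer must be listed; its alias verifies the signature.
    for alias, issuer in entries:
        if issuer is not None and issuer == token_issuer:
            return alias
    return None

# Constructed sample data: the attribute value is the page's example,
# the keystore contents are invented for this illustration.
SAMPLE = "myalias1:myissuer1|myalias2|myalias3:myissuer3"
KEYSTORE = {"cert-A": "myalias2", "cert-B": "otheralias"}
ENTRIES = parse_trusted_aliases(SAMPLE)
```

Under this reading, an entry listed without an issuer, such as myalias2, can only be selected when the signature carries a KeyInfo.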