Deployment Example 2: Federation Using SAML v2

6.2 Configuring Federation Manager 1 to Recognize the New Keystores and Key Files

The XML signature provider, the XML encryption provider, and the Federation Manager servers use the keystore configured in the AMConfig.properties file for signing purposes. By default, Federation Manager supports multiple XML signature algorithms. In this deployment example, you explicitly select the RSA with SHA-1 algorithm (rsa-sha1) by setting the com.sun.identity.saml.xmlsig.xmlSigAlgorithm property in the AMConfig.properties file.


Note –

Be sure that you are using the keytool utility from the recommended JDK. The following example shows how to check which keytool is first in your path:


# which keytool
/usr/jdk/instances/jdk/1.5.0_06/bin/keytool

Use the following as your checklist for configuring Federation Manager 1:

  1. Create the Federation Manager 1 keystore passwords.

  2. Modify the AMConfig.properties file.

Procedure: To Create the Federation Manager 1 Keystore Passwords

  1. Create a .storepass file.


    # /opt/SUNWam/fm/bin/ampassword -i /var/opt/SUNWam/fm/war_staging -e password >/etc/opt/SUNWam/config/.storepass

  2. Create a .keypass file.


    # /opt/SUNWam/fm/bin/ampassword -i /var/opt/SUNWam/fm/war_staging -e keypassword >/etc/opt/SUNWam/config/.keypass

    In both commands, replace password and keypassword with the keystore password and the private key password that you chose when you created the keystore. The ampassword -e option writes the encrypted form of the password, which Federation Manager decrypts at run time to open the keystore. Make sure that both files are readable only by the user that the web container runs as (for example, mode 0600); the shell redirection creates them with your current umask.

Procedure: To Modify the AMConfig.properties File

  1. Go to the following directory:


    /var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/classes/

    Make a backup of the AMConfig.properties file before you make changes.

  2. In AMConfig.properties, set the following properties as in this example:


    com.sun.identity.saml.xmlsig.keystore=/etc/opt/SUNWam/config/fmkeystore
    com.sun.identity.saml.xmlsig.storepass=/etc/opt/SUNWam/config/.storepass
    com.sun.identity.saml.xmlsig.keypass=/etc/opt/SUNWam/config/.keypass
    com.sun.identity.saml.xmlsig.certalias=LoadBalancer-9
    ...
    com.sun.identity.jss.donotInstallAtHighestPriorty=true
  3. Uncomment the following property, and set the value as in this example (the property and its value are on one line):


    com.sun.identity.saml.xmlsig.xmlSigAlgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1

    Save the file.

  4. Regenerate and redeploy the Federation Manager 1 WAR file.

    See To Regenerate and Redeploy the Federation Manager 1 WAR File in this manual.
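The following script is an added example and is not part of the Sun manual or of Federation Manager. It performs the two checklist steps above on Federation Manager 1: it writes the encrypted password files with a restrictive umask, then backs up AMConfig.properties and sets the XML signature properties (uncommenting xmlSigAlgorithm if it is commented out). It also checks that the password files are not group- or world-readable. The path defaults and the ampassword invocation are the ones shown in this deployment example; the function names, the AMPASSWORD, STAGING, CONFDIR and AMCONFIG variables, and the apply argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the Sun manual: scripts the two checklist steps for
# Federation Manager 1 (password files, AMConfig.properties edits) and checks
# the results. Paths default to the ones used in this deployment example.
set -eu

AMPASSWORD=${AMPASSWORD:-/opt/SUNWam/fm/bin/ampassword}
STAGING=${STAGING:-/var/opt/SUNWam/fm/war_staging}
CONFDIR=${CONFDIR:-/etc/opt/SUNWam/config}
AMCONFIG=${AMCONFIG:-$STAGING/web-src/WEB-INF/classes/AMConfig.properties}

# check_secret_file FILE: fail unless FILE is non-empty and has no group/other
# permission bits (the encrypted password files should be readable only by
# the user the web container runs as).
check_secret_file() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    bits=$(ls -ld "$f" | cut -c5-10)          # group and other rwx fields
    [ "$bits" = "------" ] || { echo "too permissive: $f" >&2; return 1; }
}

# Checklist step 1. umask 077 makes the shell create the files mode 0600
# before ampassword writes into them; a bare redirection would use the
# default umask (often 022) and leave the encrypted passwords world-readable.
# Note that the plaintext passwords still pass through the command line.
create_password_files() {
    storepass=$1; keypass=$2
    ( umask 077
      "$AMPASSWORD" -i "$STAGING" -e "$storepass" > "$CONFDIR/.storepass"
      "$AMPASSWORD" -i "$STAGING" -e "$keypass"   > "$CONFDIR/.keypass" )
    check_secret_file "$CONFDIR/.storepass" && check_secret_file "$CONFDIR/.keypass"
}

# set_property FILE KEY VALUE: replace the first active or commented-out
# "KEY=..." line with KEY=VALUE, drop any duplicates, append if absent.
# Prefix matching on "KEY=" means the dotted key needs no regex escaping.
# The copy made first preserves the file mode across the rewrite.
set_property() {
    file=$1; key=$2; value=$3
    cp -p "$file" "$file.new"
    awk -v k="$key" -v v="$value" '
        { line = $0; sub(/^[# \t]*/, "", line)
          if (index(line, k "=") == 1) {          # defines or comments out KEY
              if (!done) { print k "=" v; done = 1 }
              next
          }
          print }
        END { if (!done) print k "=" v }
    ' "$file" > "$file.new" && mv "$file.new" "$file"
}

# get_property FILE KEY: print the value of the active KEY=... line, if any.
get_property() {
    awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2) }' "$1" | tail -n 1
}

# Checklist step 2: back up AMConfig.properties, then set the XML signature
# keystore properties and select the rsa-sha1 signature algorithm.
configure_amconfig() {
    cfg=$1
    cp -p "$cfg" "$cfg.bak.$(date +%Y%m%d%H%M%S)"
    set_property "$cfg" com.sun.identity.saml.xmlsig.keystore  "$CONFDIR/fmkeystore"
    set_property "$cfg" com.sun.identity.saml.xmlsig.storepass "$CONFDIR/.storepass"
    set_property "$cfg" com.sun.identity.saml.xmlsig.keypass   "$CONFDIR/.keypass"
    set_property "$cfg" com.sun.identity.saml.xmlsig.certalias LoadBalancer-9
    set_property "$cfg" com.sun.identity.jss.donotInstallAtHighestPriorty true
    set_property "$cfg" com.sun.identity.saml.xmlsig.xmlSigAlgorithm \
        'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
}

# Usage: sh fm1-xmlsig.sh apply STOREPASS KEYPASS   (as root on Federation
# Manager 1, before regenerating and redeploying the WAR). Sourcing the file
# only defines the functions.
if [ "${1:-}" = apply ]; then
    create_password_files "$2" "$3"
    configure_amconfig "$AMCONFIG"
fi
```

After the script runs, confirm that the alias named in com.sun.identity.saml.xmlsig.certalias actually exists in the keystore with keytool -list -keystore /etc/opt/SUNWam/config/fmkeystore -alias LoadBalancer-9 (keytool prompts for the keystore password), then regenerate and redeploy the WAR as described in the next procedure. The property edit is idempotent, so rerunning the script after a failed deployment does not duplicate lines.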