Deployment Example 2: Federation Using SAML v2

9.2 Configuring Access Manager 1 to Recognize the New Keystores and Key Files

The XML signature provider, the XML encryption provider, and the Access Manager servers use the keystore configuration in the AMConfig.properties file for signing purposes. By default, Access Manager supports multiple XML signature algorithms. In this deployment example, you explicitly specify the RSA signature algorithm by setting the appropriate property in the AMConfig.properties file.

Use the following as your checklist for configuring Access Manager 1:

  1. Create the Access Manager 1 keystore passwords.

  2. Modify the AMConfig.properties file.

  3. Modify the amsaml.properties file.

Procedure: To Create the Access Manager 1 Keystore Passwords

  1. As a root user, log into the Access Manager host.

  2. Create a .storepass file.


    # cd /etc/opt/SUNWam/config
    # /opt/SUNWam/bin/ampassword -e passwordam > .storepass

  3. Create a .keypass file.


    # pwd
    /etc/opt/SUNWam/config
    # /opt/SUNWam/bin/ampassword -e keypasswordam > .keypass

Procedure: To Modify the AMConfig.properties File

  1. Go to the following directory:


    /etc/opt/SUNWam/config

    Make a backup of the AMConfig.properties file before you make changes.

  2. In AMConfig.properties, set the following properties as in this example:


    com.sun.identity.saml.xmlsig.keystore=/etc/opt/SUNWam/config/amkeystore
    com.sun.identity.saml.xmlsig.storepass=/etc/opt/SUNWam/config/.storepass
    com.sun.identity.saml.xmlsig.keypass=/etc/opt/SUNWam/config/.keypass
    com.sun.identity.saml.xmlsig.certalias=LoadBalancer-3
    ...
    com.sun.identity.jss.donotInstallAtHighestPriorty=true

  3. Uncomment the following property, and set the value as in this example (the property and its value must stay on a single line):


    com.sun.identity.saml.xmlsig.xmlSigAlgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1

    Save the file.

Procedure: To Modify the amsaml.properties File

  1. Go to the following directory:

    /opt/SUNWam/locale

  2. Open the amsaml.properties file and search for the following property:


    xmlsigalgorithm=http://www.w3.org/2000/09/xmldsig#dsa-sha1

  3. Change the method from dsa-sha1 to rsa-sha1, so that the property reads as follows:


    xmlsigalgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1

  4. Restart the Access Manager 1 server.


    # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com
    # ./stop;./start
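As an added check that is not part of this guide, the following POSIX shell script verifies the outcome of the three procedures above before the restart: the .storepass and .keypass files named in AMConfig.properties exist, are non-empty and are not group- or world-readable, the xmlSigAlgorithm value sits on one line and names rsa-sha1, and amsaml.properties agrees with it. The property names are the ones shown in this section; the directory parameters, the constructed fixture tree and the function names are assumptions of this example.

```shell
# Added example, not part of the Sun deployment guide: sanity-check the keystore
# password files and XML-signature settings this section configures, before the
# server restart. Property names are those used in this section; paths are parameters.
RSA_SHA1='http://www.w3.org/2000/09/xmldsig#rsa-sha1'
DSA_SHA1='http://www.w3.org/2000/09/xmldsig#dsa-sha1'

# prop FILE KEY -> value of the last uncommented KEY=VALUE line (empty if none)
prop() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# check_am_signing CONFIG_DIR LOCALE_DIR -> 0 if consistent, 1 with reasons on stdout
check_am_signing() {
  cfg="$1/AMConfig.properties"; loc="$2/amsaml.properties"; rc=0
  [ -f "$(prop "$cfg" com.sun.identity.saml.xmlsig.keystore)" ] || { echo "FAIL: keystore missing"; rc=1; }
  for k in storepass keypass; do
    p=$(prop "$cfg" "com.sun.identity.saml.xmlsig.$k")
    [ -n "$p" ] && [ -s "$p" ] || { echo "FAIL: $k file unset or empty"; rc=1; continue; }
    # the files hold the encrypted passwords: keep them unreadable to group/other
    case $(ls -l "$p" | cut -c5-10) in ------) ;; *) echo "FAIL: $p readable by others"; rc=1 ;; esac
  done
  [ -n "$(prop "$cfg" com.sun.identity.saml.xmlsig.certalias)" ] || { echo "FAIL: certalias unset"; rc=1; }
  alg=$(prop "$cfg" com.sun.identity.saml.xmlsig.xmlSigAlgorithm)
  # a value wrapped onto the next line leaves the key empty in a properties file
  [ "$alg" = "$RSA_SHA1" ] || { echo "FAIL: xmlSigAlgorithm is '$alg'"; rc=1; }
  [ "$(prop "$loc" xmlsigalgorithm)" = "$alg" ] || { echo "FAIL: amsaml.properties disagrees"; rc=1; }
  return $rc
}

# make_fixture DIR CFG_ALG LOC_ALG -> constructed config tree (stand-in for /etc/opt/SUNWam)
make_fixture() {
  mkdir -p "$1/config" "$1/locale"; : > "$1/config/amkeystore"
  printf 'enc1\n' > "$1/config/.storepass"; printf 'enc2\n' > "$1/config/.keypass"
  chmod 600 "$1/config/.storepass" "$1/config/.keypass"
  cat > "$1/config/AMConfig.properties" <<EOF
com.sun.identity.saml.xmlsig.keystore=$1/config/amkeystore
com.sun.identity.saml.xmlsig.storepass=$1/config/.storepass
com.sun.identity.saml.xmlsig.keypass=$1/config/.keypass
com.sun.identity.saml.xmlsig.certalias=LoadBalancer-3
com.sun.identity.saml.xmlsig.xmlSigAlgorithm=$2
EOF
  echo "xmlsigalgorithm=$3" > "$1/locale/amsaml.properties"
}

# Demo: the correct layout, then the slip of leaving dsa-sha1 in amsaml.properties.
D=$(mktemp -d)
make_fixture "$D" "$RSA_SHA1" "$RSA_SHA1"
check_am_signing "$D/config" "$D/locale" && echo "PASS: consistent"
make_fixture "$D" "$RSA_SHA1" "$DSA_SHA1"
check_am_signing "$D/config" "$D/locale" || echo "(mismatch detected as intended)"
rm -rf "$D"
```

Run it against the real directories with `check_am_signing /etc/opt/SUNWam/config /opt/SUNWam/locale` as root, since the password files should be readable only by the server's user.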