The XML signing certificates must be identical on both Access Manager instances. This ensures that when the SAMLv2 metadata is published, the metadata represents both Access Manager instances as a single entity. In this procedure you copy the XML signing certificate from Access Manager 1 and install the certificate on Access Manager 2.
As a root user, log in to the Access Manager 2 host.
Go to the following directory:
/etc/opt/SUNWam/config
Copy into this directory the keystore files that were created for Access Manager 1.
Verify that the certificate is properly installed.
# keytool -list -keystore amkeystore -alias LoadBalancer-3 -rfc Enter keystore password: password Alias name: LoadBalancer-3 Creation date: Nov 2, 2006 Entry type: keyEntry Certificate chain length: 2 |
Certificate text similar to the following is displayed:
Certificate[1]: -----BEGIN CERTIFICATE----- MIICYDCCAgqgAwIBAgICBoowDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlVTMRMwEQYDVQQI EwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEeMBwGA1UEChMVU3VuIE1pY3Jvc3lz dGVtcyBJbmMuMRowGAYDVQQLExFJZGVudGl0eSBTZXJ2aWNlczEcMBoGA1UEAxMTQ2VydGlmaWNh dGUgTWFuYWdlcjAeFw0wNjExMDIxOTExMzRaFw0xMDA3MjkxOTExMzRaMDcxEjAQBgNVBAoTCXNp cm9lLmNvbTEhMB8GA1UEAxMYbG9hZGJhbGFuY2VyLTkuc2lyb2UuY29tMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQCjOwa5qoaUuVnknqf5pdgAJSEoWlvx/jnUYbkSDpXLzraEiy2UhvwpoBgB EeTSUaPPBvboCItchakPI6Z/aFdH3Wmjuij9XD8r1C+q//7sUO0IGn0ORycddHhoo0aSdnnxGf9V tREaqKm9dJ7Yn7kQHjo2eryMgYxtr/Z5Il5F+wIDAQABo2AwXjARBglghkgBhvhCAQEEBAMCBkAw DgYDVR0PAQH/BAQDAgTwMB8GA1UdIwQYMBaAFDugITflTCfsWyNLTXDl7cMDUKuuMBgGA1UdEQQR MA+BDW1hbGxhQHN1bi5jb20wDQYJKoZIhvcNAQEEBQADQQB/6DOB6sRqCZu2OenM9eQR0gube85e nTTxU4a7x1naFxzYXK1iQ1vMARKMjDb19QEJIEJKZlDK4uS7yMlf1nFS -----END CERTIFICATE----- Certificate[2]: -----BEGIN CERTIFICATE----- MIICjjCCAjigAwIBAgICAyAwDQYJKoZIhvcNAQEFBQAwgZIxCzAJBgNVBAYTAlVTMRMwEQYDVQQI EwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEeMBwGA1UEChMVU3VuIE1pY3Jvc3lz dGVtcyBJbmMuMRowGAYDVQQLExFJZGVudGl0eSBTZXJ2aWNlczEcMBoGA1UEAxMTQ2VydGlmaWNh dGUgTWFuYWdlcjAeFw0wNDA4MTYwNzAwMDBaFw0zMjA4MTYwNzAwMDBaMIGSMQswCQYDVQQGEwJV UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExHjAcBgNVBAoTFVN1 biBNaWNyb3N5c3RlbXMgSW5jLjEaMBgGA1UECxMRSWRlbnRpdHkgU2VydmljZXMxHDAaBgNVBAMT E0NlcnRpZmljYXRlIE1hbmFnZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArPzFAYBufzrX2i7G /HhBi1RtEjYDHCy15WWytK6ZwbfXUMeyGadHweoZniOBU3VKdHhjIDCjqMMN25/rEM5ozwIDAQAB o3YwdDARBglghkgBhvhCAQEEBAMCAAcwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUO6AhN+VM J+xbI0tNcOXtwwNQq64wHwYDVR0jBBgwFoAUO6AhN+VMJ+xbI0tNcOXtwwNQq64wDgYDVR0PAQH/ BAQDAgGGMA0GCSqGSIb3DQEBBQUAA0EAVHUPw/JfaTYTU8rHjR+6Xr6GqNbaT4eZtNXs5wIYljwl HvLjL/AITbxrinqfFiOB2JAOW+gLxo4j6LV6W9/2Mw== -----END CERTIFICATE----- |
Certificate [1] is the public key. This is the certificate that is presented to remote parties in a federated environment. Certificate [2] represents the certificate that authenticates the trusted authority or certificate issuer.