The XML signature provider, the XML encryption provider, and the Federation Manager servers use the keystore configuration in the AMConfig.properties file for signing purposes. By default, Federation Manager supports multiple XML signature algorithms. In this deployment example, you explicitly specify the RSA signature algorithm by setting the appropriate property in the AMConfig.properties file.
Use the following as your checklist for configuring Federation Manager 2 to recognize the new keystores and key files:
Create a .storepass file.
# /opt/SUNWam/fm/bin/ampassword -i /var/opt/SUNWam/fm/war_staging -e password >/etc/opt/SUNWam/config/.storepass
Create a .keypass file.
# /opt/SUNWam/fm/bin/ampassword -i /var/opt/SUNWam/fm/war_staging -e keypassword >/etc/opt/SUNWam/config/.keypass
Go to the following directory:
/var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/classes/
Make a backup of the AMConfig.properties file before you make changes.
In AMConfig.properties, set the following properties as in this example:
com.sun.identity.saml.xmlsig.keystore=/etc/opt/SUNWam/config/fmkeystore
com.sun.identity.saml.xmlsig.storepass=/etc/opt/SUNWam/config/.storepass
com.sun.identity.saml.xmlsig.keypass=/etc/opt/SUNWam/config/.keypass
com.sun.identity.saml.xmlsig.certalias=LoadBalancer-9
...
com.sun.identity.jss.donotInstallAtHighestPriorty=true
Uncomment the following property, and set the value as in this example:
com.sun.identity.saml.xmlsig.xmlSigAlgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1
Save the file.
Regenerate and redeploy the Federation Manager 2 WAR file.
See "To Regenerate and Redeploy the Federation Manager 2 WAR File."
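A check you can run after saving AMConfig.properties and before regenerating the WAR file, as an added example that is not part of the original Federation Manager documentation. It reads the com.sun.identity.saml.xmlsig.* properties set above, confirms that the keystore and both password files exist and are non-empty, and confirms that xmlSigAlgorithm is uncommented and holds the RSA value. The function names prop and check_fm_keystore and the owner-only file permission policy are assumptions of this example.

```sh
#!/bin/sh
# Added example: sanity-check the xmlsig keystore settings in AMConfig.properties.
# Usage after sourcing this file: check_fm_keystore /path/to/AMConfig.properties

# prop FILE KEY: print the value of an uncommented property (last one wins).
prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

check_fm_keystore() {
    cfg=$1; rc=0; p=com.sun.identity.saml.xmlsig
    for name in keystore storepass keypass; do
        f=$(prop "$cfg" "$p.$name")
        if [ -z "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL $name: '$f' is unset or not a regular file"; rc=1; continue
        fi
        [ -s "$f" ] || { echo "FAIL $name: $f is empty"; rc=1; }
        # Assumed policy: owner-only access. Characters 5-10 of the ls mode
        # string are the group and other permission bits.
        mode=$(ls -ld "$f" | cut -c5-10)
        [ "$mode" = "------" ] || { echo "FAIL $name: $f open to group/other ($mode)"; rc=1; }
    done
    [ -n "$(prop "$cfg" "$p.certalias")" ] || { echo "FAIL certalias is not set"; rc=1; }
    alg=$(prop "$cfg" "$p.xmlSigAlgorithm")
    case $alg in
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1") ;;
        "") echo "FAIL xmlSigAlgorithm is still commented out or empty"; rc=1 ;;
        *)  echo "FAIL xmlSigAlgorithm is '$alg', not the RSA value used here"; rc=1 ;;
    esac
    [ "$rc" -ne 0 ] || echo "OK xmlsig keystore settings in $cfg are consistent"
    return "$rc"
}
```

Because the .storepass and .keypass files are created by shell redirection, their mode follows the umask of the shell that ran ampassword, which is what the permission check catches.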