The XML signature provider, the XML encryption provider, and the Access Manager servers use the keystore configuration in the AMConfig.properties file for signing purposes. By default, Access Manager supports multiple XML signature algorithms. In this deployment example, you explicitly specify the RSA signature algorithm by setting the appropriate property in the AMConfig.properties file.
Use the following as your checklist for configuring Access Manager 2:
As a root user, log into the Access Manager 2 host.
Create a .storepass file.
# cd /etc/opt/SUNWam/config
# /opt/SUNWam/bin/ampassword -e passwordam > .storepass
Create a .keypass file.
# pwd
/etc/opt/SUNWam/config
# /opt/SUNWam/bin/ampassword -e keypasswordam > .keypass
Go to the following directory:
/etc/opt/SUNWam/config
Make a backup of the AMConfig.properties file before you make changes.
In AMConfig.properties, set the following properties as in this example:
com.sun.identity.saml.xmlsig.keystore=/etc/opt/SUNWam/config/amkeystore
com.sun.identity.saml.xmlsig.storepass=/etc/opt/SUNWam/config/.storepass
com.sun.identity.saml.xmlsig.keypass=/etc/opt/SUNWam/config/.keypass
com.sun.identity.saml.xmlsig.certalias=LoadBalancer-3
...
com.sun.identity.jss.donotInstallAtHighestPriorty=true
Uncomment the following property, and set the value as in this example:
com.sun.identity.saml.xmlsig.xmlSigAlgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1
Save the file.
Go to the following directory:
/opt/SUNWam/locale
Open the amsaml.properties file and search for the following property:
xmlsigalgorithm=http://www.w3.org/2000/09/xmldsig#dsa-sha1
Change the method from dsa-sha1 to rsa-sha1, so that the line reads:
xmlsigalgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1
Restart the Access Manager 2 server.
# cd /opt/SUNWwbsvr/https-AccessManager-2.example.com
# ./stop;./start
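The following POSIX shell check is an added example, not part of the Sun deployment guide: run before the restart in the last step, it confirms that AMConfig.properties and amsaml.properties carry the settings these steps require. The two property files it writes are constructed here to mirror the values quoted above, so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the Sun guide): verify the XML signature settings
# from the steps above before restarting Access Manager 2.

RSA_SHA1='http://www.w3.org/2000/09/xmldsig#rsa-sha1'

# prop FILE KEY: print the value of KEY; lines commented out with # never match,
# so a still-commented xmlSigAlgorithm line counts as unset.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# check_xmlsig AMCONFIG AMSAML: return 0 when both files carry the expected
# settings, otherwise print each problem and return 1.
check_xmlsig() {
    rc=0
    for key in keystore storepass keypass certalias; do
        [ -n "$(prop "$1" "com.sun.identity.saml.xmlsig.$key")" ] ||
            { echo "FAIL: com.sun.identity.saml.xmlsig.$key is not set in $1"; rc=1; }
    done
    alg=$(prop "$1" com.sun.identity.saml.xmlsig.xmlSigAlgorithm)
    [ "$alg" = "$RSA_SHA1" ] ||
        { echo "FAIL: xmlSigAlgorithm is '${alg:-unset or still commented out}'"; rc=1; }
    # amsaml.properties must also be switched from dsa-sha1 to rsa-sha1
    alg=$(prop "$2" xmlsigalgorithm)
    [ "$alg" = "$RSA_SHA1" ] ||
        { echo "FAIL: amsaml.properties xmlsigalgorithm is '$alg'"; rc=1; }
    return $rc
}

# make_samples: write a constructed "before" pair (algorithm still commented out,
# amsaml still dsa-sha1) and an "after" pair into a temp dir; print the dir.
make_samples() {
    d=$(mktemp -d)
    common='com.sun.identity.saml.xmlsig.keystore=/etc/opt/SUNWam/config/amkeystore
com.sun.identity.saml.xmlsig.storepass=/etc/opt/SUNWam/config/.storepass
com.sun.identity.saml.xmlsig.keypass=/etc/opt/SUNWam/config/.keypass
com.sun.identity.saml.xmlsig.certalias=LoadBalancer-3'
    printf '%s\n#com.sun.identity.saml.xmlsig.xmlSigAlgorithm=%s\n' "$common" "$RSA_SHA1" > "$d/before.AMConfig"
    printf 'xmlsigalgorithm=http://www.w3.org/2000/09/xmldsig#dsa-sha1\n' > "$d/before.amsaml"
    printf '%s\ncom.sun.identity.saml.xmlsig.xmlSigAlgorithm=%s\n' "$common" "$RSA_SHA1" > "$d/after.AMConfig"
    printf 'xmlsigalgorithm=%s\n' "$RSA_SHA1" > "$d/after.amsaml"
    echo "$d"
}

# Stand-alone run: the "before" pair reports the two missing edits, the "after" pair passes.
d=$(make_samples)
check_xmlsig "$d/before.AMConfig" "$d/before.amsaml" || echo "before: not ready for restart"
check_xmlsig "$d/after.AMConfig" "$d/after.amsaml" && echo "after: OK"
```

On a real host, point check_xmlsig at /etc/opt/SUNWam/config/AMConfig.properties and /opt/SUNWam/locale/amsaml.properties instead of the constructed samples.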