Sun OpenSSO Enterprise 8.0 Administration Reference

Liberty ID-WSF Security Service

Security Attribute Plugin Class

This attribute specifies the implementation class name for the com.sun.identity.liberty.ws.security.SecurityAttributePlugin interface. The class returns a list of SAML attributes to be included in the credentials generated by the Discovery Service.

Key Info Type

The value set in this attribute is used in the com.sun.identity.liberty.ws.security.LibSecurityTokenProvider implementation class. It specifies the data type to be put into the KeyInfo block inside the XML signature. If the value is certificate, the signer's X.509 certificate will be included inside KeyInfo. Otherwise, the corresponding DSA/RSA key will be included in KeyInfo.

Security Token Provider Class

This attribute specifies the implementation class for the security token provider.

Default WSC Certificate Alias

This attribute specifies the default certificate alias used for issuing web service security tokens for this web service client.

Trusted Authority Signing Certificate Alias

This attribute specifies the certificate alias for the trusted authority that will be used to sign the SAML or SAML BEARER token of the response message.

Trusted CA Signing Certificate Aliases

This attribute specifies the certificate aliases for trusted CAs. The SAML or SAML BEARER token of an incoming request message must be signed by a trusted CA in this list. The syntax is cert alias 1[:issuer 1]|cert alias 2[:issuer 2]|.....

Example: myalias1:myissuer1|myalias2|myalias3:myissuer3.

The value issuer is used when the token does not have a KeyInfo inside of the signature. The issuer of the token must be in this list and the corresponding certificate alias will be used to verify the signature. If KeyInfo exists, the keystore must contain a certificate alias that matches the KeyInfo and the certificate alias must be in this list.
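The following added example (not OpenSSO code) models the syntax and the lookup rule described above, so that an attribute value can be checked before it is deployed. The function names are hypothetical, and rejecting an issuer that maps to more than one alias is an assumption, since the reference does not say how that case is handled.

```python
# Added illustration of the documented syntax and lookup rule; not OpenSSO code.
# Function names are hypothetical.

# Example value taken from the reference text above.
SAMPLE = "myalias1:myissuer1|myalias2|myalias3:myissuer3"


def parse_trusted_ca_aliases(value):
    """Parse 'alias1[:issuer1]|alias2[:issuer2]|...' into {alias: issuer or None}."""
    entries = {}
    for raw in value.split("|"):
        item = raw.strip()
        if not item:
            raise ValueError("empty entry (stray '|') in alias list")
        # Split on the first ':' only, so an issuer may itself contain ':'.
        alias, sep, issuer = item.partition(":")
        alias, issuer = alias.strip(), issuer.strip()
        if not alias or (sep and not issuer):
            raise ValueError(f"malformed entry: {raw!r}")
        if alias in entries:
            raise ValueError(f"duplicate alias: {alias!r}")
        entries[alias] = issuer or None
    return entries


def alias_for_verification(entries, token_issuer, has_keyinfo, keystore_alias=None):
    """Return the alias whose certificate verifies the token, or None to reject.

    keystore_alias is the alias of the keystore certificate that matches the
    token's KeyInfo (resolved by the caller), or None if nothing matches.
    """
    if has_keyinfo:
        # KeyInfo present: the matching keystore alias must be in the list.
        return keystore_alias if keystore_alias in entries else None
    if not token_issuer:
        return None
    # No KeyInfo: the issuer must be listed; its alias verifies the signature.
    matches = [a for a, iss in entries.items() if iss == token_issuer]
    # Assumption: an issuer bound to several aliases is ambiguous, so reject.
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    trusted = parse_trusted_ca_aliases(SAMPLE)
    print(trusted)
    print(alias_for_verification(trusted, "myissuer3", has_keyinfo=False))
```

Note that an entry without an issuer, such as myalias2 in the sample, can only be selected through KeyInfo, so tokens signed without KeyInfo by that CA will not verify.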