The Generate Key filter enables you to generate an asymmetric key pair, or a
symmetric key. The generated keys are placed in message attributes, which are then available
to be consumed by other filters.
An example use case for this filter is to use it in conjunction with the Security Token
Service Client filter. For example, suppose you want to request a SAML token with a symmetric
proof-of-possession key from an STS. You need to provide the key material to the STS as a
binary secret, which is the private key of an asymmetric key pair. You can use an asymmetric
private key generated on the fly instead of one taken from the Certificate Store with an
associated certificate. To do this, you must configure the Generate Key filter in a Security
Token Service Client filter policy that runs before the WS-Trust request is created.
You can then configure the Security Token Service Client filter to consume
the generated asymmetric private key. For more details, see the
Security Token Service Client topic.
Note:
An asymmetric key pair generated by the Generate Key filter can also be used
by the Security Token Service Client filter when a proof-of-possession key
of type PublicKey is requested. The generated public key can be used as the
UseKey in the request to the STS.