Generate Key


The Generate Key filter enables you to generate an asymmetric key pair, or a symmetric key. The generated keys are placed in message attributes, which are then available to be consumed by other filters.

An example use case for this filter is to use it in conjunction with the Security Token Service Client filter. For example, you wish to request a SAML token with a symmetric proof-of-possession key from an STS. You need to provide the key material to the STS as a binary secret, which is the private key of an asymmetric key pair. You can use an asymmetric private key generated on-the-fly instead of from the Certificate Store with an associated certificate. You must configure the Generate Key filter in a Security Token Service Client filter policy that runs before the WS-Trust request is created. You can then configure the Security Token Service Client filter to consume the generated asymmetric private key. For more details, see the Security Token Service Client topic.

[Note] Note

An asymmetric key pair generated by the Generate Key filter can also be used by the Security Token Service Client filter when a proof-of-possession key of type PublicKey is requested. The generated public key can be used as the UseKey in the request to the STS.


Complete the following fields to configure this filter:


Enter an appropriate name for the filter.

Key Type:

Select the key type from the drop-down list. Defaults to RSA Asymmetric Key Pair.

Key Size:

Enter the key size in bits. Defaults to 2048 bits.