The Generate Key filter enables you to generate an asymmetric key pair or a symmetric key. The generated keys are placed in message attributes, where they are available to be consumed by other filters.
An example use case for this filter is to use it in conjunction with the Security Token Service Client filter. For example, suppose you want to request a SAML token with a symmetric proof-of-possession key from an STS. You need to provide the key material to the STS as a binary secret, which is the private key of an asymmetric key pair. You can use an asymmetric private key generated on the fly instead of one from the Certificate Store with an associated certificate. You must configure the Generate Key filter in a Security Token Service Client filter policy that runs before the WS-Trust request is created. You can then configure the Security Token Service Client filter to consume the generated asymmetric private key. For more details, see the Security Token Service Client topic.
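To show what supplying key material as a binary secret looks like on the wire, the following Python is an added example, not taken from the product and not the filter's own output. It assumes a WS-Trust 1.3 Issue request with a freshly generated symmetric key as the binary secret; the function names `build_rst` and `extract_secret` are hypothetical.

```python
import base64
import secrets
import xml.etree.ElementTree as ET

# WS-Trust 1.3 namespace and the SAML 2.0 token type URI.
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML2_TOKEN = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"


def build_rst(key: bytes) -> bytes:
    """Build a WS-Trust 1.3 Issue request carrying `key` as a BinarySecret."""
    # Assumption for this example: only AES-sized keys are accepted.
    if len(key) not in (16, 24, 32):
        raise ValueError("expected a 128-, 192- or 256-bit key")
    ET.register_namespace("wst", WST)
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = f"{WST}/Issue"
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = SAML2_TOKEN
    ET.SubElement(rst, f"{{{WST}}}KeyType").text = f"{WST}/SymmetricKey"
    ET.SubElement(rst, f"{{{WST}}}KeySize").text = str(len(key) * 8)
    entropy = ET.SubElement(rst, f"{{{WST}}}Entropy")
    secret = ET.SubElement(entropy, f"{{{WST}}}BinarySecret",
                           Type=f"{WST}/SymmetricKey")
    secret.text = base64.b64encode(key).decode("ascii")
    return ET.tostring(rst)


def extract_secret(rst_xml: bytes) -> bytes:
    """Receiver-side check: decode the BinarySecret and compare with KeySize."""
    rst = ET.fromstring(rst_xml)
    size = int(rst.findtext(f"{{{WST}}}KeySize"))
    b64 = rst.findtext(f"{{{WST}}}Entropy/{{{WST}}}BinarySecret")
    key = base64.b64decode(b64, validate=True)  # reject non-base64 characters
    if len(key) * 8 != size:
        raise ValueError("BinarySecret length does not match KeySize")
    return key


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample: fresh key per request
    print(build_rst(key).decode())
```

Because the request body carries the key itself, it must only travel to the STS over a channel protected by transport or message encryption.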
Note: An asymmetric key pair generated by the Generate Key filter can also be used by the Security Token Service Client filter when a proof-of-possession key of type