Contents
The Generate Key filter enables you to generate an asymmetric key pair, or a symmetric key. The generated keys are placed in message attributes, which are then available to be consumed by other filters.
An example use case for this filter is to use it in conjunction with the Security Token Service Client filter. For example, you wish to request a SAML token with a symmetric proof-of-possession key from an STS. You need to provide the key material to the STS as a binary secret, which is the private key of an asymmetric key pair. You can use an asymmetric private key generated on-the-fly instead of from the Certificate Store with an associated certificate. You must configure the Generate Key filter in a Security Token Service Client filter policy that runs before the WS-Trust request is created. You can then configure the Security Token Service Client filter to consume the generated asymmetric private key. For more details, see Security Token Service Client.
![[Note]](../common_oracle/images/admon/note.png) |
Note |
|---|---|
|
An asymmetric key pair generated by the Generate Key filter can also be used
by the Security Token Service Client filter when a proof-of-possession key
of type |
Complete the following fields to configure this filter:
Name:
Enter an appropriate name for the filter.
Key Type:
Select the key type from the drop-down list. Defaults to RSA Asymmetric Key Pair.
You can also select Symmetric Key, which is based on Hash-based Message
Authentication Code - Secure Hash Algorithm (HMAC-SHA1).
Key Size:
Enter the key size in bits. Defaults to 2048 bits.
