When creating a new SAML token, you can specify configuration properties to control how the token is configured. The configuration properties are stored in a properties file containing name/value pairs. The properties describe provider-side information such as the issuer location, and the keystore and truststore file paths.
Property name | Sample property value | Property description |
---|---|---|
IssuerURI | http://www.websphere.ibm.com/SAML/SelfIssuer | The URI of the issuer. |
TimeToLiveMilliseconds | 3600000 | Amount of time, in milliseconds, before the token expires. |
KeyStoreRef | MyKeyStoreRef | A reference to a managed keystore from security.xml. Example: KeyStoreRef=name=TD-POCClientKeyStore managementScope=(cell):stdfed01_Cell. If you specify a KeyStoreRef property, you do not have to specify the KeyStorePath and KeyStoreType properties. |
KeyStorePath | app_server_root/etc/ws-security/samples/dsig-receiver.ks | The location of the keystore file. You do not have to specify this property if you have specified the KeyStoreRef property. Note: You must modify this value from the default value to match the path location for your system. |
KeyStoreType | JKS | The keystore type. You do not have to specify this property if you have specified the KeyStoreRef property. |
KeyStorePassword | password | The password of the keystore file. For increased security, the password should be XOR encoded. For more information, read about encoding passwords in files. |
KeyAlias | soapprovider | The alias of the key as defined in the keystore file. |
KeyName | CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP | The name of the key as defined in the keystore file. |
KeyPassword | password | The password of the private key as defined in the keystore file. For increased security, the password should be XOR encoded. |
TrustStoreRef | MyTrustStoreRef | A reference to a managed keystore from security.xml. Example: TrustStoreRef=name=POCClientTrustStore managementScope=(cell):lanscheNode11Cell:(node):lanscheNode04. If you specify a TrustStoreRef property, you do not have to specify the TrustStorePath and TrustStoreType properties. |
TrustStorePath | app_server_root/etc/ws-security/samples/dsig-receiver.ks | The location of the truststore file. You do not have to specify this property if you have specified the TrustStoreRef property. Note: You must modify this value from the default value to match the path location for your system. |
TrustStoreType | JKS | The truststore type. You do not have to specify this property if you have specified the TrustStoreRef property. |
TrustStorePassword | password | The password of the truststore file. For increased security, the password should be XOR encoded. |
AttributeProvider | com.mycompany.SAML.AttributeProviderImpl | Implementation class of the attribute provider. |
NameIDProvider | com.mycompany.SAML.NameIDProviderImpl | Implementation class of the name ID provider. |
A single configuration file, SAMLIssuerConfig.properties, containing the provider-side properties is created and stored on each server. On a WebSphere® server, the file is located in the server-level repository, or in the cell-level repository. In an environment that is not based on WebSphere, the file location is defined by a Java™ system property. The name of this property is com.ibm.webservices.wssecurity.platform.SAMLIssuerConfigDataPath.
On a WebSphere server, the server-level and cell-level locations of the file are:

app_server_root/profiles/$PROFILE/config/cells/$CELLNAME/nodes/$NODENAME/servers/$SERVERNAME/SAMLIssuerConfig.properties
app_server_root/profiles/$PROFILE/config/cells/$CELLNAME/sts/SAMLIssuerConfig.properties

Sample contents of SAMLIssuerConfig.properties, one property per line:

```properties
IssuerURI=http://www.websphere.ibm.com/SAML/SelfIssuer
TimeToLiveMilliseconds=3600000
KeyStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
KeyStoreType=JKS
KeyStorePassword={xor}LDotKTot
KeyAlias=soapprovider
KeyName=CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP
KeyPassword={xor}LDotKTot
TrustStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
TrustStoreType=JKS
TrustStorePassword={xor}LDotKTot
```
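The rules in the table above (a managed *Ref replaces *Path plus *Type, passwords should be {xor}-encoded, the shipped sample keystore path must be replaced, and TimeToLiveMilliseconds is a positive millisecond count) can be checked before the file is deployed. The following lint script is an added example, not IBM code; the sample file it parses is constructed here and the managed-store name in it is a placeholder.

```python
"""Lint a SAMLIssuerConfig.properties file against the documented constraints."""
import re

# Path of the sample keystore shipped with the product; the table says it must be changed.
SAMPLE_STORE = "etc/ws-security/samples/dsig-receiver.ks"

# Constructed sample: clear-text keystore password and the shipped sample path are
# deliberate defects; the TrustStoreRef name is a placeholder, not a real scope.
SAMPLE_CONFIG = """# SAMLIssuerConfig.properties (constructed sample)
IssuerURI=http://www.websphere.ibm.com/SAML/SelfIssuer
TimeToLiveMilliseconds=3600000
KeyStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
KeyStoreType=JKS
KeyStorePassword=password
KeyAlias=soapprovider
KeyName=CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP
KeyPassword={xor}LDotKTot
TrustStoreRef=name=PlaceholderTrustStore managementScope=(cell):placeholderCell
TrustStorePassword={xor}LDotKTot
"""


def parse_properties(text):
    """Minimal java.util.Properties parser: name=value per line, '#'/'!' comments.
    Only the first '=' or ':' splits, so values such as KeyName's DN survive intact."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def lint_saml_issuer_config(props):
    """Return a list of findings; an empty list means the file passes every check."""
    findings = []
    for store in ("KeyStore", "TrustStore"):
        has_ref, has_path, has_type = (f"{store}{s}" in props for s in ("Ref", "Path", "Type"))
        if not has_ref and not (has_path and has_type):
            findings.append(f"{store}: set {store}Ref, or both {store}Path and {store}Type")
        if has_path and props[f"{store}Path"].endswith(SAMPLE_STORE):
            findings.append(f"{store}Path still points at the shipped sample keystore")
    for pw in ("KeyStorePassword", "KeyPassword", "TrustStorePassword"):
        # {xor} is reversible obfuscation, not encryption: it keeps the clear text out of
        # casual view, so file permissions on the repository still carry the protection.
        if pw in props and not props[pw].startswith("{xor}"):
            findings.append(f"{pw} is stored in clear text; use the {{xor}} encoding")
    ttl = props.get("TimeToLiveMilliseconds", "")
    if not ttl.isdigit() or int(ttl) <= 0:
        findings.append("TimeToLiveMilliseconds must be a positive integer (milliseconds)")
    return findings


if __name__ == "__main__":
    for finding in lint_saml_issuer_config(parse_properties(SAMPLE_CONFIG)):
        print("FINDING:", finding)
```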