SAMLIssuerConfig.properties file

When creating a new SAML token, you can specify configuration properties to control how the token is configured. The configuration properties are stored in a properties file containing name/value pairs. The properties describe provider-side information such as the issuer location, and the keystore and truststore file paths.

Starting with WebSphere® Application Server version 8, you can also use the administrative console or the setSAMLIssuerConfigInBinding command task to specify a self-issued SAML token's configuration as custom properties in the requester's outbound configuration, either in the general bindings or in the application-specific bindings. You can also specify a self-issued SAML token's configuration as custom properties of com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext objects when programming to the Web Services Security (WSS) application programming interfaces (APIs). Migrate self-issued SAML token configuration data from the SAMLIssuerConfig.properties file to the bindings. Refer to the “Managing self-issue SAML token configuration using wsadmin commands” section for additional information.

Use of the SAMLIssuerConfig.properties file is deprecated in WebSphere Application Server version 8. Do not specify a SAMLIssuerConfig.properties file using a Java system property. When no SAMLIssuerConfig.properties file is specified, the com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory.newDefaultProviderConfig() method returns a com.ibm.wsspi.wssecurity.saml.config.ProviderConfig object with empty contents; this is the recommended programming style. Use the ProviderConfig setter methods to populate its contents.

File Location

A single configuration file, SAMLIssuerConfig.properties, containing the provider-side properties is created and stored on each server. On a WebSphere server, the file is located in the server-level repository, or in the cell-level repository. In an environment that is not based on WebSphere, the file location is defined by a Java system property. The name of this property is com.ibm.webservices.wssecurity.platform.SAMLIssuerConfigDataPath.

For example, the location of the file at the server level on a WebSphere server is:

    app_server_root/profiles/$PROFILE/config/cells/$CELLNAME/nodes/$NODENAME/servers/$SERVERNAME/SAMLIssuerConfig.properties

The location of the file at the cell level on a WebSphere server is:

    app_server_root/profiles/$PROFILE/config/cells/$CELLNAME/sts/SAMLIssuerConfig.properties

SAML token properties

The following table describes the provider configuration properties.
Table 1. Properties to configure provider information for a new SAML token. Use these properties to control how the token is created. Each entry gives the property name, a sample value, and a description.

IssuerURI
    Sample value: http://www.websphere.ibm.com/SAML/SelfIssuer
    Description: The URI of the issuer.

TimeToLiveMilliseconds
    Sample value: 3600000
    Description: Amount of time, in milliseconds, before the token expires.

KeyStoreRef
    Sample value: MyKeyStoreRef
    Description: A reference to a managed keystore from security.xml.

KeyStorePath
    Sample value: app_server_root/etc/ws-security/samples/dsig-receiver.ks
    Description: The location of the keystore file.
    Note: You must modify this value from the default value to match the path location for your system.

KeyStoreType
    Sample value: JKS
    Description: The keystore type.

KeyStorePassword
    Sample value: password
    Description: The password of the keystore file (the password must be XOR encoded). For more information, read about encoding passwords in files.

KeyAlias
    Sample value: soapprovider
    Description: The alias of the key as defined in the keystore file.

KeyName
    Sample value: CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP
    Description: The name of the key as defined in the keystore file.

KeyPassword
    Sample value: password
    Description: The password of the private key as defined in the keystore file (the password must be XOR encoded).

TrustStoreRef
    Sample value: MyTrustStoreRef
    Description: A reference to a managed keystore from security.xml.

TrustStorePath
    Sample value: app_server_root/etc/ws-security/samples/dsig-receiver.ks
    Description: The location of the truststore file.
    Note: You must modify this value from the default value to match the path location for your system.

TrustStoreType
    Sample value: JKS
    Description: The truststore type.

TrustStorePassword
    Sample value: password
    Description: The password of the truststore file.

AttributeProvider
    Sample value: com.mycompany.SAML.AttributeProviderImpl
    Description: Implementation class of the attribute provider.

NameIDProvider
    Sample value: com.mycompany.SAML.NameIDProviderImpl
    Description: Implementation class of the name ID provider.

Example

See the following example of a SAML token configuration properties file:
IssuerURI=http://www.websphere.ibm.com/SAML/SelfIssuer
TimeToLiveMilliseconds=3600000
KeyStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
KeyStoreType=JKS
KeyStorePassword={xor}LDotKTot
KeyAlias=soapprovider
KeyName=CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP
KeyPassword={xor}LDotKTot
TrustStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
TrustStoreType=JKS
TrustStorePassword={xor}LDotKTot

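The example file above stores its three passwords in WebSphere's {xor} form, which the table requires for KeyStorePassword and KeyPassword. That encoding XORs each byte of the password with the underscore character (0x5F) and base64-encodes the result: it is reversible obfuscation, not encryption, so the file's permissions are what actually protect the signing key. The following Python is an added example, not IBM's code; it reads a properties file of this shape (splitting on the first '=' so the X.500 KeyName survives), encodes and decodes {xor} values, and lints the configuration for the points this page raises: passwords left in clear text, keystore paths still pointing at the shipped sample keystore, and a token lifetime above a locally chosen maximum. The embedded input is the page's own example file; the lifetime threshold and the ${USER_INSTALL_ROOT} expansion are the example's assumptions.

```python
import base64
import os
from typing import Dict, List, Optional

# WebSphere's {xor} encoding: XOR every byte with '_' (0x5F), then base64.
# Reversible obfuscation only; it does not protect the password from anyone
# who can read SAMLIssuerConfig.properties.
XOR_KEY = 0x5F

# Constructed sample input: the example file from the page, embedded verbatim.
SAMPLE_PROPERTIES = """\
IssuerURI=http://www.websphere.ibm.com/SAML/SelfIssuer
TimeToLiveMilliseconds=3600000
KeyStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
KeyStoreType=JKS
KeyStorePassword={xor}LDotKTot
KeyAlias=soapprovider
KeyName=CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP
KeyPassword={xor}LDotKTot
TrustStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
TrustStoreType=JKS
TrustStorePassword={xor}LDotKTot
"""

PASSWORD_KEYS = ("KeyStorePassword", "KeyPassword", "TrustStorePassword")
PATH_KEYS = ("KeyStorePath", "TrustStorePath")
# The shipped sample keystore that the page says must be replaced before use.
SAMPLE_KEYSTORE = "samples/dsig-receiver.ks"


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: one key=value per line, '#' or '!'
    comments, split on the FIRST '=' so a value that itself contains '='
    (KeyName's X.500 distinguished name) is kept whole."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def xor_decode(encoded: str) -> str:
    """Recover the clear text from a {xor}... value."""
    if not encoded.startswith("{xor}"):
        raise ValueError("value is not {xor}-encoded")
    raw = base64.b64decode(encoded[len("{xor}"):])
    return bytes(b ^ XOR_KEY for b in raw).decode("utf-8")


def xor_encode(plain: str) -> str:
    """Produce the {xor}... form expected in the properties file."""
    obfuscated = bytes(b ^ XOR_KEY for b in plain.encode("utf-8"))
    return "{xor}" + base64.b64encode(obfuscated).decode("ascii")


def expand(value: str, variables: Dict[str, str]) -> str:
    """Expand ${NAME} references such as ${USER_INSTALL_ROOT}; unknown names stay as-is."""
    for name, replacement in variables.items():
        value = value.replace("${" + name + "}", replacement)
    return value


def lint_config(props: Dict[str, str], variables: Optional[Dict[str, str]] = None,
                max_ttl_ms: int = 3_600_000) -> List[str]:
    """Return findings a reviewer should question. max_ttl_ms is a local policy
    choice (the page's sample lifetime), not a product limit."""
    variables = variables or {}
    findings: List[str] = []
    for key in PASSWORD_KEYS:
        value = props.get(key)
        if value is not None and not value.startswith("{xor}"):
            findings.append(f"{key}: not {{xor}}-encoded, password stored in clear")
    for key in PATH_KEYS:
        value = props.get(key, "")
        if not value:
            findings.append(f"{key}: missing")
            continue
        if value.endswith(SAMPLE_KEYSTORE):
            findings.append(f"{key}: still points at the shipped sample keystore")
        path = expand(value, variables)
        if "${" not in path and not os.path.isfile(path):
            findings.append(f"{key}: file not found at {path}")
    ttl = props.get("TimeToLiveMilliseconds")
    if ttl is None or not ttl.isdigit():
        findings.append("TimeToLiveMilliseconds: missing or not an integer")
    elif int(ttl) > max_ttl_ms:
        findings.append(f"TimeToLiveMilliseconds: {ttl} ms exceeds policy maximum {max_ttl_ms} ms")
    return findings


if __name__ == "__main__":
    cfg = parse_properties(SAMPLE_PROPERTIES)
    print("KeyStorePassword decodes to:", xor_decode(cfg["KeyStorePassword"]))
    for finding in lint_config(cfg):
        print("FINDING:", finding)
```

Run against the page's example, the linter reports that both keystore paths still point at dsig-receiver.ks, which is exactly the note in Table 1, and decodes {xor}LDotKTot to the sample keystore's password; the decode is the point to show a reviewer who assumes {xor} values are secrets at rest.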
Related tasks
Propagating SAML tokens
Encoding passwords in files
Managing self-issue SAML token configuration using wsadmin commands


Last updated: Sep 19, 2011 7:16:32 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-express-iseries&topic=rwbs_samltokenproperties
File name: rwbs_samltokenproperties.html