SAMLIssuerConfig.properties file
When creating a new SAML token, you can specify configuration properties to control how the token is configured. The configuration properties are stored in a properties file containing name/value pairs. The properties describe provider-side information such as the issuer location, and the keystore and truststore file paths.
Starting with WAS version 8, you can also use the admin console or the setSAMLIssuerConfigInBinding command task to specify a self-issued SAML token's configuration as custom properties in the requester's outbound configuration, either in the general bindings or in the application-specific bindings. We can also specify a self-issued SAML token's configuration as custom properties of com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext objects when programming to the Web Services Security (WSS) Application Programming Interfaces (APIs). Migrate self-issued SAML token configuration data from the SAMLIssuerConfig.properties file to the bindings. Refer to the "Managing self-issued SAML token configuration using wsadmin" section for additional information.
Use of the SAMLIssuerConfig.properties file is deprecated in WAS version 8. Do not specify a SAMLIssuerConfig.properties file using a Java system property. When no SAMLIssuerConfig.properties file is specified, the com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory.newDefaultProviderConfig() method returns a com.ibm.wsspi.wssecurity.saml.config.ProviderConfig object with empty contents; this is the recommended programming style. Use the ProviderConfig setter methods to populate its contents.
File Location
A single configuration file, SAMLIssuerConfig.properties, containing the provider-side properties is created and stored on each server. On a WebSphere server, the file is located in the server-level repository, or in the cell-level repository. In an environment that is not based on WebSphere, the file location is defined by a Java system property. The name of this property is com.ibm.webservices.wssecurity.platform.SAMLIssuerConfigDataPath.
For example, the location of the file at the server level on a WebSphere server is:
WAS_HOME/profiles/$PROFILE/config/cells/$CELLNAME/nodes/$NODENAME/servers/$SERVERNAME/SAMLIssuerConfig.properties
The location of the file at the cell level on a WebSphere server is:
WAS_HOME/profiles/$PROFILE/config/cells/$CELLNAME/sts/SAMLIssuerConfig.properties
SAML token properties
The following table describes the provider configuration properties.
Properties to configure provider information for a new SAML token. Use these properties to control how the token is created.
| Property name | Sample property value | Property description |
|---|---|---|
| IssuerURI | http://www.websphere.ibm.com/SAML/SelfIssuer | The URI of the issuer. |
| TimeToLiveMilliseconds | 3600000 | Amount of time, in milliseconds, before the token expires. |
| KeyStoreRef | MyKeyStoreRef | A reference to a managed keystore from security.xml. |
| KeyStorePath | WAS_HOME/etc/ws-security/samples/dsig-receiver.ks | The location of the keystore file. We must modify this value from the default value to match the path location for the system. |
| KeyStoreType | JKS | The keystore type. |
| KeyStorePassword | password | The password of the keystore file (the password must be XOR encoded). For more information, read about encoding passwords in files. |
| KeyAlias | soapprovider | The alias of the key as defined in the keystore file. |
| KeyName | CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP | The name of the key as defined in the keystore file. |
| KeyPassword | password | The password of the private key as defined in the keystore file (the password must be XOR encoded). |
| TrustStoreRef | MyTrustStoreRef | A reference to a managed keystore from security.xml. |
| TrustStorePath | WAS_HOME/etc/ws-security/samples/dsig-receiver.ks | The location of the truststore file. We must modify this value from the default value to match the path location for the system. |
| TrustStoreType | JKS | The truststore type. |
| TrustStorePassword | password | The password of the truststore file. |
| AttributeProvider | com.mycompany.SAML.AttributeProviderImpl | Implementation class of the attribute provider. |
| NameIDProvider | com.mycompany.SAML.NameIDProviderImpl | Implementation class of the name ID provider. |
Example
See the following example of a SAML token configuration properties file (one name/value pair per line; note that the KeyName value legitimately contains further "=" characters after the first one):
IssuerURI=http://www.websphere.ibm.com/SAML/SelfIssuer
TimeToLiveMilliseconds=3600000
KeyStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
KeyStoreType=JKS
KeyStorePassword={xor}LDotKTot
KeyAlias=soapprovider
KeyName=CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP
KeyPassword={xor}LDotKTot
TrustStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
TrustStoreType=JKS
TrustStorePassword={xor}LDotKTot
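The checks a practitioner would run over such a file, as an added example that is not IBM's code: it reads the properties format (only the first "=" on a line separates name from value, so the KeyName value survives intact) and confirms that each of the three password properties carries a {xor} value that actually decodes. The decoder assumes WebSphere's {xor} scheme, each byte XORed with 0x5F and then base64-encoded; the sample input is constructed from the example above, with TrustStorePassword left unencoded on purpose.

```python
import base64

# Constructed sample (the page's key set); TrustStorePassword is left unencoded on purpose.
SAMPLE = """\
IssuerURI=http://www.websphere.ibm.com/SAML/SelfIssuer
TimeToLiveMilliseconds=3600000
KeyStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
KeyStoreType=JKS
KeyStorePassword={xor}LDotKTot
KeyAlias=soapprovider
KeyName=CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP
KeyPassword={xor}LDotKTot
TrustStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
TrustStoreType=JKS
TrustStorePassword=server
"""

PASSWORD_KEYS = ("KeyStorePassword", "KeyPassword", "TrustStorePassword")

def parse_properties(text):
    """Minimal Java .properties reader: only the first '=' splits name from value,
    so 'KeyName=CN=SOAPProvider, OU=TRL, ...' keeps its embedded '=' signs."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def xor_decode(value):
    """Reverse the assumed WebSphere {xor} encoding: base64 of each byte XOR 0x5F ('_').
    This is obfuscation, not encryption, so the file itself still needs tight permissions."""
    if not value.startswith("{xor}"):
        raise ValueError("not {xor}-encoded")
    raw = base64.b64decode(value[len("{xor}"):], validate=True)
    return bytes(b ^ 0x5F for b in raw).decode("ascii")

def check_passwords(props):
    """One finding per password property that is missing, plaintext, or does not decode."""
    findings = []
    for key in PASSWORD_KEYS:
        try:
            xor_decode(props.get(key, ""))
        except (ValueError, UnicodeDecodeError) as exc:
            findings.append(f"{key}: {exc}")
    return findings
```

Running check_passwords(parse_properties(SAMPLE)) reports only the unencoded TrustStorePassword line; a {xor} value that is not valid base64 is reported as well, since a malformed value fails at server start rather than at edit time.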
Related information
Propagate SAML tokens
Encode passwords in files
Manage self-issued SAML token configuration using wsadmin