WAS v8.5 > Reference > Configuration file descriptions

SAMLIssuerConfig.properties file

When creating a new SAML token, we can specify configuration properties to control how the token is configured. The configuration properties are stored in a properties file containing name/value pairs. The properties describe provider-side information such as the issuer location, and the keystore and truststore file paths.

Starting with WebSphere Application Server version 8, we can also use the dmgr console or the setSAMLIssuerConfigInBinding command task to specify a self-issued SAML token's configuration as custom properties in the requester's outbound configuration, either in the general bindings or in the application-specific bindings. We can also specify a self-issued SAML token's configuration as custom properties of com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext objects when programming to the Web Services Security (WSS) application programming interfaces (APIs). Migrate self-issued SAML token configuration data from the SAMLIssuerConfig.properties file to the bindings. Refer to the "Managing self-issued SAML token configuration using wsadmin commands" section for additional information.

The SAMLIssuerConfig.properties file usage is deprecated in WAS version 8. Do not specify a SAMLIssuerConfig.properties file using a Java System property.

The com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory.newDefaultProviderConfig() method returns a com.ibm.wsspi.wssecurity.saml.config.ProviderConfig object with empty contents when no SAMLIssuerConfig.properties file is specified; not specifying the file is the recommended programming style. Use the ProviderConfig setter methods to populate its contents.


File Location

A single configuration file, SAMLIssuerConfig.properties, containing the provider-side properties is created and stored on each server. On a WebSphere server, the file is located in the server-level repository, or in the cell-level repository. In an environment not based on WebSphere, the file location is defined by a Java system property. The name of this property is com.ibm.webservices.wssecurity.platform.SAMLIssuerConfigDataPath.

For example, the location of the file at the server level on a WebSphere server is:

The location of the file at the cell level on a WebSphere server is:


SAML token properties

The following table describes the provider configuration properties.

Properties to configure provider information for a new SAML token. Use these properties to control how the token is created.

| Property name | Sample property value | Property description |
|---|---|---|
| com.ibm.wsspi.wssecurity.dsig.oldEnvelopedSignature | true | Use only if you are setting the com.ibm.wsspi.wssecurity.dsig.enableEnvelopedSignatureProperty JVM custom property to true. See the topic Java Virtual Machine (JVM) custom properties for a description of when we might want to use this JVM custom property. |
| IssuerURI | http://www.websphere.ibm.com/SAML/SelfIssuer | The URI of the issuer. |
| TimeToLiveMilliseconds | 3600000 | Amount of time before expiration of the token. |
| KeyStoreRef | MyKeyStoreRef | A reference to a managed keystore from security.xml. |
| KeyStorePath | app_server_root/etc/ws-security/samples/dsig-receiver.ks | The location of the keystore file. You must modify this value from the default value to match the path location for the system. |
| KeyStoreType | JKS | The keystore type. |
| KeyStorePassword | password | The password of the keystore file (the password must be XOR encoded). For more information, read about encoding passwords in files. |
| KeyAlias | soapprovider | The alias of the key as defined in the keystore file. |
| KeyName | CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP | The name of the key as defined in the keystore file. |
| KeyPassword | password | The password of the private key as defined in the keystore file (the password must be XOR encoded). |
| TrustStoreRef | MyTrustStoreRef | A reference to a managed keystore from security.xml. |
| TrustStorePath | app_server_root/etc/ws-security/samples/dsig-receiver.ks | The location of the truststore file. You must modify this value from the default value to match the path location for the system. |
| TrustStoreType | JKS | The truststore type. |
| TrustStorePassword | password | The password of the truststore file. |
| AttributeProvider | com.mycompany.SAML.AttributeProviderImpl | Implementation class of the attribute provider. |
| NameIDProvider | com.mycompany.SAML.NameIDProviderImpl | Implementation class of the name ID provider. |


Example

Example of a SAML token configuration properties file:
IssuerURI=http://www.websphere.ibm.com/SAML/SelfIssuer
TimeToLiveMilliseconds=3600000
KeyStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
KeyStoreType=JKS
KeyStorePassword={xor}LDotKTot
KeyAlias=soapprovider
KeyName=CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP
KeyPassword={xor}LDotKTot
TrustStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
TrustStoreType=JKS
TrustStorePassword={xor}LDotKTot
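The table above requires the three password properties to be XOR encoded and tells you to change the sample keystore paths; the example file is what a reviewer would check those requirements against. The following Python is an added example, not part of the IBM page or the product: it parses a SAMLIssuerConfig.properties body, reports passwords left in clear text or with a malformed {xor} payload, missing properties, an unusually long TimeToLiveMilliseconds, and paths that still point at the shipped sample keystore, and it shows how to produce a {xor} value. The {xor} scheme (XOR each byte with 0x5F, then base64), the eight-hour lifetime threshold and the second, weak input file are assumptions and constructed data, not values from the page.

```python
import base64
import binascii

# Properties the page's table lists for a file-based (path) configuration.
# KeyStoreRef/TrustStoreRef are the managed-keystore alternative and are not required here.
REQUIRED_KEYS = frozenset({
    "IssuerURI", "TimeToLiveMilliseconds",
    "KeyStorePath", "KeyStoreType", "KeyStorePassword",
    "KeyAlias", "KeyName", "KeyPassword",
    "TrustStorePath", "TrustStoreType", "TrustStorePassword",
})
PASSWORD_KEYS = frozenset({"KeyStorePassword", "KeyPassword", "TrustStorePassword"})
# Lifetime above which a token should be justified; a local policy choice, not a value from the page.
MAX_TTL_MS = 8 * 60 * 60 * 1000
# Path fragment of the keystore that ships with the product; the page says to change it.
SAMPLE_KEYSTORE_FRAGMENT = "etc/ws-security/samples/"


def parse_properties(text):
    """Minimal java.util.Properties reader: skips blanks and '#'/'!' comments and
    splits each line at its first '=' so values such as KeyName=CN=...,OU=... survive."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def xor_encode(plaintext):
    """Produce a {xor} value for the file. WebSphere's PropFilePasswordEncoder XORs each
    byte with 0x5F and base64-encodes the result (product knowledge, not stated on the page).
    This is obfuscation, not encryption: protect the file with filesystem permissions."""
    obfuscated = bytes(b ^ 0x5F for b in plaintext.encode("utf-8"))
    return "{xor}" + base64.b64encode(obfuscated).decode("ascii")


def lint_issuer_config(text):
    """Return a list of findings for a SAMLIssuerConfig.properties body; empty means clean."""
    props = parse_properties(text)
    findings = []

    for key in sorted(REQUIRED_KEYS - props.keys()):
        findings.append(f"missing required property: {key}")

    for key in sorted(PASSWORD_KEYS & props.keys()):
        value = props[key]
        if not value.startswith("{xor}"):
            findings.append(f"{key} is stored in clear text; the page requires an XOR-encoded value")
            continue
        try:
            base64.b64decode(value[len("{xor}"):], validate=True)
        except (binascii.Error, ValueError):
            findings.append(f"{key} has a malformed {{xor}} payload (not valid base64)")

    ttl = props.get("TimeToLiveMilliseconds")
    if ttl is not None:
        if not ttl.isdigit():
            findings.append("TimeToLiveMilliseconds must be a non-negative integer")
        elif int(ttl) > MAX_TTL_MS:
            findings.append(f"TimeToLiveMilliseconds={ttl} exceeds the review threshold of {MAX_TTL_MS} ms")

    for key in ("KeyStorePath", "TrustStorePath"):
        if SAMPLE_KEYSTORE_FRAGMENT in props.get(key, ""):
            findings.append(f"{key} still points at the shipped sample keystore; set a site-specific path")

    return findings


# The example file from this page, embedded verbatim for the demonstration.
EXAMPLE_FROM_PAGE = """\
IssuerURI=http://www.websphere.ibm.com/SAML/SelfIssuer
TimeToLiveMilliseconds=3600000
KeyStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
KeyStoreType=JKS
KeyStorePassword={xor}LDotKTot
KeyAlias=soapprovider
KeyName=CN=SOAPProvider, OU=TRL, O=IBM, ST=Kanagawa, C=JP
KeyPassword={xor}LDotKTot
TrustStorePath=${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
TrustStoreType=JKS
TrustStorePassword={xor}LDotKTot
"""

# Constructed weak variant (not from the page): clear-text passwords, a 30-day lifetime, no KeyName.
WEAK_EXAMPLE = """\
IssuerURI=http://issuer.example.test/SAML/SelfIssuer
TimeToLiveMilliseconds=2592000000
KeyStorePath=/opt/ibm/keys/issuer.p12
KeyStoreType=PKCS12
KeyStorePassword=changeit
KeyAlias=issuer
KeyPassword=changeit
TrustStorePath=/opt/ibm/keys/trust.p12
TrustStoreType=PKCS12
TrustStorePassword=changeit
"""

if __name__ == "__main__":
    for name, body in (("page example", EXAMPLE_FROM_PAGE), ("weak example", WEAK_EXAMPLE)):
        print(f"== {name}")
        for finding in lint_issuer_config(body) or ["no findings"]:
            print(" -", finding)
    print("encoded form of a constructed password:", xor_encode("example-only"))
```

Run against the page's own example, the linter reports only the two sample-keystore paths, which is exactly what the table tells you to change; the constructed weak file additionally trips the clear-text, lifetime and missing-property checks. Because {xor} is reversible, the check only confirms that the file follows the documented format; the real control for these passwords is who can read the file.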


Related


Propagating SAML tokens
Encoding passwords in files
Manage self-issued SAML token configuration using wsadmin commands

