3 Replies Latest reply on Feb 17, 2012 10:54 AM by anil.saldhana

    What do I need to add to turn on encryption for STS?

    dlaprade

      I read a few docs online stating that it can be done, but I cannot find any information about what needs to be done.

      Here is a sample picketlink-sts.xml file with EncryptToken set:


      <PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0"
          STSName="PicketLinkSTS" TokenTimeout="7200" EncryptToken="true">
        <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
          <Auth Key="KeyStoreURL" Value="sts_keystore.jks"/>
          <Auth Key="KeyStorePass" Value="testpass"/>
          <Auth Key="SigningKeyAlias" Value="sts"/>
          <Auth Key="SigningKeyPass" Value="keypass"/>
          <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/>
        </KeyProvider>
        <TokenProviders>
          <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML11TokenProvider"
              TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
              TokenElement="Assertion"
              TokenElementNS="urn:oasis:names:tc:SAML:1.0:assertion"/>
          <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
              TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
              TokenElement="Assertion"
              TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
        </TokenProviders>
        <ServiceProviders>
          <ServiceProvider Endpoint="http://services.testcorp.org/provider1"
              TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
              TruststoreAlias="service1"/>
        </ServiceProviders>
      </PicketLinkSTS>


      When I run it, I am not seeing any encryption, but I am seeing a warning in the logs:

      Security token should be encrypted but no encrypting key could be found


      Can someone help me to understand what I am missing?

       

      thx
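A check worth running before going further: the warning says the STS could not find an encrypting key, and the posted configuration resolves every key by alias in the keystore named by KeyStoreURL (SigningKeyAlias for the STS's own key, ValidatingAlias and TruststoreAlias for the service provider's certificate). The script below is an added example, not code from this thread or from PicketLink. It cross-checks the key-related parts of the posted picketlink-sts.xml against the output of `keytool -list -keystore sts_keystore.jks`, reporting aliases the config references that the keystore does not contain. The keytool listing embedded here is constructed (a keystore holding only the `sts` key pair, with a placeholder fingerprint); the assumption that the STS looks up the encryption certificate under the ServiceProvider's TruststoreAlias is the author's, based on the config shown, not a statement from the thread.

```python
"""Cross-check a picketlink-sts.xml against a `keytool -list` keystore listing.

Added example, not from the thread. Assumes, as the posted config suggests, that
the STS resolves every key by alias in the keystore named by KeyStoreURL.
"""
import re
import xml.etree.ElementTree as ET

NS = {"pl": "urn:picketlink:identity-federation:config:1.0"}

# Key-related parts of the configuration as posted (TokenProviders omitted).
STS_CONFIG = """\
<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0"
    STSName="PicketLinkSTS" TokenTimeout="7200" EncryptToken="true">
  <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
    <Auth Key="KeyStoreURL" Value="sts_keystore.jks"/>
    <Auth Key="KeyStorePass" Value="testpass"/>
    <Auth Key="SigningKeyAlias" Value="sts"/>
    <Auth Key="SigningKeyPass" Value="keypass"/>
    <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/>
  </KeyProvider>
  <ServiceProviders>
    <ServiceProvider Endpoint="http://services.testcorp.org/provider1"
        TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
        TruststoreAlias="service1"/>
  </ServiceProviders>
</PicketLinkSTS>
"""

# Constructed sample of `keytool -list -keystore sts_keystore.jks` output for a
# keystore holding only the STS's own key pair (fingerprint is a placeholder).
KEYTOOL_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

sts, Feb 17, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
"""

# One keytool entry line: "<alias>, <date>, <entry type>," (date itself has a comma).
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,]+),.*?,\s*(?P<type>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),?\s*$"
)


def parse_keytool_listing(text):
    """Map alias -> entry type from the per-entry lines of keytool output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("alias").strip()] = m.group("type")
    return entries


def referenced_aliases(root):
    """Collect every keystore alias the config refers to, with where it is used."""
    refs = {}
    kp = root.find("pl:KeyProvider", NS)
    for auth in kp.findall("pl:Auth", NS):
        if auth.get("Key") == "SigningKeyAlias":
            refs.setdefault(auth.get("Value"), []).append("SigningKeyAlias")
    for va in kp.findall("pl:ValidatingAlias", NS):
        refs.setdefault(va.get("Value"), []).append(f"ValidatingAlias for {va.get('Key')}")
    for sp in root.findall("pl:ServiceProviders/pl:ServiceProvider", NS):
        if sp.get("TruststoreAlias"):
            refs.setdefault(sp.get("TruststoreAlias"), []).append(
                f"TruststoreAlias for {sp.get('Endpoint')}")
    return refs


def check_sts_config(config_xml, keytool_output):
    """Return a list of findings; an empty list means config and keystore agree."""
    root = ET.fromstring(config_xml)
    keystore = parse_keytool_listing(keytool_output)
    findings = []
    if root.get("EncryptToken", "false").lower() == "true":
        sps = root.findall("pl:ServiceProviders/pl:ServiceProvider", NS)
        if not sps:
            findings.append("EncryptToken=true but no ServiceProvider is configured")
        for sp in sps:
            if not sp.get("TruststoreAlias"):
                findings.append(f"ServiceProvider {sp.get('Endpoint')} has no TruststoreAlias")
    for alias, uses in referenced_aliases(root).items():
        if alias not in keystore:
            findings.append(f"alias '{alias}' ({'; '.join(uses)}) is missing from the keystore")
        elif "SigningKeyAlias" in uses and keystore[alias] != "PrivateKeyEntry":
            findings.append(f"signing alias '{alias}' is a {keystore[alias]}, not a PrivateKeyEntry")
    return findings


if __name__ == "__main__":
    for finding in check_sts_config(STS_CONFIG, KEYTOOL_LISTING) or ["no inconsistencies found"]:
        print(finding)
```

Run against the constructed listing it reports that `service1` (used as both ValidatingAlias and TruststoreAlias) is absent from the keystore; with a `service1` certificate entry added it reports nothing. Whatever the real root cause turns out to be, this is the first thing to rule out when the log says no encrypting key could be found.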