What do I need to add to turn on encryption for STS?
dlaprade Feb 7, 2012 2:08 PM
I read a few docs online stating that it can be done, but I cannot find any information about what needs to be done.
Here is a sample picketlink-sts.xml file with EncryptToken set:
<!-- EncryptToken="true": issued tokens are encrypted with the public key of the
     service provider the token is for (the endpoint named in the request's AppliesTo). -->
<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0"
               STSName="PicketLinkSTS" TokenTimeout="7200" EncryptToken="true">
    <!-- Keystore holding the STS signing key and the service providers' certificates. -->
    <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
        <Auth Key="KeyStoreURL" Value="sts_keystore.jks"/>
        <Auth Key="KeyStorePass" Value="testpass"/>
        <!-- Private key used to sign issued tokens. -->
        <Auth Key="SigningKeyAlias" Value="sts"/>
        <Auth Key="SigningKeyPass" Value="keypass"/>
        <!-- Maps a service endpoint to the keystore alias whose certificate is used
             as that endpoint's public (encrypting/validating) key. The alias must
             exist in sts_keystore.jks and hold a certificate. -->
        <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/>
    </KeyProvider>
    <TokenProviders>
        <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML11TokenProvider"
                       TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
                       TokenElement="Assertion"
                       TokenElementNS="urn:oasis:names:tc:SAML:1.0:assertion"/>
        <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
                       TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
                       TokenElement="Assertion"
                       TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
    </TokenProviders>
    <ServiceProviders>
        <!-- Default token type and truststore alias for this endpoint. -->
        <ServiceProvider Endpoint="http://services.testcorp.org/provider1"
                         TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
                         TruststoreAlias="service1"/>
    </ServiceProviders>
</PicketLinkSTS>
When I run I am not seeing any encryption, but I am seeing a warning in the logs:
Security token should be encrypted but no encrypting key could be found
Can someone help me to understand what I am missing?
thx
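The STS resolves the encrypting key through the keystore alias that the configuration maps to the service endpoint, so a practical first check is to build a keystore that matches this configuration and confirm that the alias really holds a certificate. The script below is an added example for that check; it is not part of the original post or of PicketLink. The alias names and passwords mirror the posted config; the file names, distinguished names and the separate provider keystore are assumptions for illustration, and the JDK keytool must be on the PATH.

```shell
#!/bin/sh
# Added example, not from the original post: create sts_keystore.jks as the posted
# picketlink-sts.xml expects it (signing key "sts", provider certificate "service1")
# and check what kind of entry each alias holds. DNs, provider1.jks and provider1.cer
# are assumed names used only for this illustration.
set -eu

STS_KEYSTORE=${STS_KEYSTORE:-sts_keystore.jks}
STORE_PASS=testpass   # KeyStorePass in the config
KEY_PASS=keypass      # SigningKeyPass in the config

# 1. STS signing key pair under alias "sts" (SigningKeyAlias).
make_sts_keystore() {
  rm -f "$STS_KEYSTORE"
  keytool -genkeypair -keystore "$STS_KEYSTORE" -storepass "$STORE_PASS" \
    -alias sts -keypass "$KEY_PASS" -keyalg RSA -keysize 2048 \
    -dname "CN=PicketLinkSTS, O=testcorp" -validity 365
}

# 2. The service provider keeps its private key in its own keystore (assumed name
#    provider1.jks). Only its certificate is exported and imported into the STS
#    keystore under the alias the STS maps the endpoint to ("service1"); that
#    certificate's public key is what the STS encrypts tokens for provider1 with.
import_provider_cert() {
  rm -f provider1.jks provider1.cer
  keytool -genkeypair -keystore provider1.jks -storepass "$STORE_PASS" \
    -alias service1 -keypass "$KEY_PASS" -keyalg RSA -keysize 2048 \
    -dname "CN=services.testcorp.org, O=testcorp" -validity 365
  keytool -exportcert -keystore provider1.jks -storepass "$STORE_PASS" \
    -alias service1 -file provider1.cer
  keytool -importcert -noprompt -keystore "$STS_KEYSTORE" -storepass "$STORE_PASS" \
    -alias service1 -file provider1.cer
}

# 3. Print the entry type keytool reports for alias $1 ("trustedCertEntry" or
#    "PrivateKeyEntry"); prints nothing when the alias is absent, which is one of
#    the conditions under which the STS has no encrypting key to use.
alias_entry_type() {
  keytool -list -keystore "$STS_KEYSTORE" -storepass "$STORE_PASS" -alias "$1" 2>/dev/null \
    | grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1 || true
}

# Usage: sh check_sts_keystore.sh --run
if [ "${1:-}" = "--run" ]; then
  make_sts_keystore
  import_provider_cert
  echo "sts:      $(alias_entry_type sts)"
  echo "service1: $(alias_entry_type service1)"
fi
```

If `alias_entry_type service1` prints nothing against the real sts_keystore.jks, the STS cannot find a certificate for the alias named in ValidatingAlias/TruststoreAlias and the warning above is the expected result; if it does print `trustedCertEntry`, the keystore side is in order and the request itself (in particular whether it carries an AppliesTo naming the endpoint that ValidatingAlias maps) is the next thing to inspect.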