KB Article #182579

How to configure mutual SAML assertion signature verification in FAH

Problem

How to configure mutual SAML assertion signature verification in FAH.


Resolution

If you want to configure mutual SAML assertion signature verification, the keystores and truststores on each side need to be configured as follows:


InterPlay/Datastore has:

  • A truststore file containing the public certificate of the IdP. Properties to configure in the context file: TrustStorePath, TrustStorePassword.
  • A keystore file containing a private key. This private key is owned by the client (InterPlay/Datastore), and its alias in the keystore file is the one that must be referenced in interplay-web.xml. Properties to configure in the context file: KeyStorePath, KeyStorePassword, SsoKeyAlias.

The IdP has:

  • A truststore file containing the public certificate corresponding to the private key mentioned above.
  • A keystore file containing the IdP private key.


The entry under the "sso" alias must be the private key itself and must be stored in the keystore.
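As an added example (not part of the KB article or of the product itself), the following POSIX shell script builds the four stores described above with keytool, using self-signed test certificates, and then checks that the "sso" alias is a private-key entry in the InterPlay keystore and that each truststore holds only the other side's certificate. The store file names, the password and the `idp`/`interplay-sso` aliases are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example (not from the KB article): builds the four stores the article
# describes with self-signed test certificates and checks the resulting layout.
# Passwords, file names and the "idp"/"interplay-sso" aliases are placeholders.
set -e

WORK="${WORK:-$(mktemp -d)}"
PASS="changeit"   # placeholder; use a real secret outside of a test
SSO_ALIAS="sso"   # the alias referenced as SsoKeyAlias / in interplay-web.xml

# kt: keytool with the store type and password fixed for every call below
kt() { keytool -storetype PKCS12 -storepass "$PASS" "$@"; }

build_stores() {
    # InterPlay/Datastore keystore: the client's private key under the "sso" alias
    kt -genkeypair -alias "$SSO_ALIAS" -keyalg RSA -keysize 2048 -keypass "$PASS" \
        -dname "CN=interplay-sso-test" -validity 365 \
        -keystore "$WORK/interplay-keystore.p12" >/dev/null 2>&1
    kt -exportcert -alias "$SSO_ALIAS" -rfc -keystore "$WORK/interplay-keystore.p12" \
        -file "$WORK/interplay-sso.crt" >/dev/null 2>&1
    # IdP keystore: the IdP's own private key, exported so InterPlay can trust it
    kt -genkeypair -alias idp -keyalg RSA -keysize 2048 -keypass "$PASS" \
        -dname "CN=idp-test" -validity 365 -keystore "$WORK/idp-keystore.p12" >/dev/null 2>&1
    kt -exportcert -alias idp -rfc -keystore "$WORK/idp-keystore.p12" \
        -file "$WORK/idp.crt" >/dev/null 2>&1
    # Truststores carry only the peer's public certificate, never a private key
    kt -importcert -noprompt -alias idp -file "$WORK/idp.crt" \
        -keystore "$WORK/interplay-truststore.p12" >/dev/null 2>&1
    kt -importcert -noprompt -alias interplay-sso -file "$WORK/interplay-sso.crt" \
        -keystore "$WORK/idp-truststore.p12" >/dev/null 2>&1
}

# entry_type STORE ALIAS: prints PrivateKeyEntry, trustedCertEntry or missing
entry_type() {
    out=$(kt -list -keystore "$1" -alias "$2" 2>/dev/null || true)
    case "$out" in
        *PrivateKeyEntry*)  echo PrivateKeyEntry ;;
        *trustedCertEntry*) echo trustedCertEntry ;;
        *)                  echo missing ;;
    esac
}

# check_layout: succeeds only when the "sso" alias is a private key in the
# InterPlay keystore and each truststore holds the other side's certificate
check_layout() {
    [ "$(entry_type "$WORK/interplay-keystore.p12" "$SSO_ALIAS")" = PrivateKeyEntry ] &&
    [ "$(entry_type "$WORK/interplay-truststore.p12" idp)" = trustedCertEntry ] &&
    [ "$(entry_type "$WORK/idp-truststore.p12" interplay-sso)" = trustedCertEntry ]
}
```

Source the script, run `build_stores` and then `check_layout`; the same `entry_type` check can be pointed at a real keystore to confirm that the alias set in SsoKeyAlias is a PrivateKeyEntry before touching the context file.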


The context files are typically stored in:

  • FAH 3.0: ~/product/Tomcat/contexts/
  • AIS 2.4: ~/AIS/Tools/apache-tomcat/contexts/