What to Store in Smkeydatabase

Configuration Guides › Policy Server Configuration Guide › Additional WS-Security Configuration Requirements › XML Signing and Validation Service › What to Store in Smkeydatabase

What to Store in Smkeydatabase

The XML Signing and Validation Service requires that you store the following in your Smkeydatabase:

Your enterprise private key and certificate for signing WS‑Security documents and generating X509v3 tokens
Public key certificates of trusted message issuers for validation

The following table shows exactly which objects you will need to add to your Smkeydatabase to handle your particular WS‑Security signing and validation requirements.

Function	WS‑Security Token Type	Required Database Objects
Signing	All	Private key and certificate of web service host enterprise
Generating X509 Tokens	X509v3	Private key and certificate of web service host enterprise
Signature Validation	SAML Assertion; Sender-vouches	Certificate of issuing web service consumer application
	SAML Assertion; Holder-of-key	Certificates of XML request subject and issuing web service consumer application.
	X.509v3; Username (if signed)	Certificate of trusted issuer

Email CA Technologies about this topic