For artifact single sign-on, if Basic over SSL is the authentication scheme protecting the Artifact Resolution Service, you must add a certificate to the Service Provider's smkeydatabase.
The smkeydatabase holds the certificate authority (CA) certificate that is used to establish the SSL connection between the Service Provider and the Identity Provider. This certificate secures the back channel that the assertion is sent across. The Artifact Resolution Service needs to be protected and the back channel needs to be secure so that the Service Provider knows the SSL connection is secured by a trusted authority.
A set of common root certificates is shipped with the default smkeydatabase. To use root certificates for web servers that are not in the key store, import the necessary root certificates into the smkeydatabase.
For this deployment, the alias is sampleAppCertCA and the certificate of the CA is docCA.crt.
Use the SiteMinder smkeytool utility to modify the database.
To add a certificate to the smkeydatabase

1. List the certificates that are already in the database:
   smkeytool -listcerts
   Look for an entry type of CertificateAuthorityEntry.
2. Add the CA certificate:
   smkeytool -addCert -alias <alias> -infile <cert_file> -trustcacert
   For this deployment, the command is:
   smkeytool -addCert -alias sampleAppCertCA -infile docCA.crt -trustcacert
The certificate is added to smkeydatabase.
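Because -trustcacert makes the imported file a trust anchor for the back channel, it is worth checking the file before running -addCert. The following is an added example, not part of the original CA documentation: a shell function that uses the openssl command line to confirm that the file parses as X.509, is marked as a CA, is not expired, and optionally matches a SHA-256 fingerprint obtained out of band. It assumes openssl is installed; the function names and return codes are this example's own.

```shell
#!/bin/sh
# Added example: pre-import checks for a CA certificate file (e.g. docCA.crt).
# Return codes are this example's own convention:
#   0 ok, 1 not a readable X.509 cert, 2 not marked as a CA, 3 expired,
#   4 SHA-256 fingerprint differs from the expected value.

# Print the SHA-256 fingerprint as lowercase hex without colons.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^[^=]*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

check_ca_cert() {
    cert=$1
    expected=$2   # optional; obtained out of band from the CA's owner

    # 1. The file must parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || return 1

    # 2. basicConstraints must mark it as a CA. A leaf certificate imported
    #    as a trust anchor is almost always a mistake. (Old v1 roots carry
    #    no basicConstraints and are also rejected here.)
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' || return 2

    # 3. It must not be expired (-checkend 0 means "valid right now").
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 3

    # 4. If a fingerprint was supplied, it must match exactly.
    if [ -n "$expected" ]; then
        want=$(printf '%s' "$expected" | tr -d ': ' | tr 'A-F' 'a-f')
        [ "$(cert_sha256 "$cert")" = "$want" ] || return 4
    fi
    return 0
}

# Run directly: sh check_ca_cert.sh docCA.crt [expected-sha256]
if [ "$#" -gt 0 ]; then
    check_ca_cert "$@" && echo "OK sha256=$(cert_sha256 "$1")"
fi
```

Run it against docCA.crt and add the certificate with smkeytool only when it reports OK and the printed fingerprint is the one the CA's owner gave you.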
Copyright © 2010 CA. All rights reserved.