How to Configure the SiteMinder Key Database for ICAS
The Relying Party must use SSL to protect the fcc file. The Relying Party must export the SSL certificate associated with the web site to a pfx file. A SiteMinder administrator can then import the SSL certificate from the pfx file into smkeydatabase using smkeytool.
When the certificate is imported into smkeydatabase, it is associated with an alias, which is stored in the fcc file. The certificate's private key is used to decrypt the security token and verify the digital signature.
Configuring the SiteMinder key database is a two-step process:
smkeytool.bat -addPrivKey -alias example -keycertfile c:\Temp\www-example-com.pfx -password CAdemo123

-addPrivKey
Specifies the action that you want smkeytool to take

-alias
Specifies a name for the SSL certificate in smkeydatabase
Note: This is the alias that is specified in the properties file.

-keycertfile
Specifies the location of the pfx file on your local machine

-password
Specifies the password that you provided when exporting the SSL certificate to the pfx file
Note: The password you provide when exporting the SSL certificate to the pfx file is used later by SiteMinder when importing the SSL certificate from the pfx file.
Note: If smkeydatabase does not exist, you can create it using the Policy Server Configuration Wizard. For more information, see the Policy Server Installation Guide.
Note: For more information about smkeydatabase and smkeytool, see the Federation Security Services Guide.
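The following PowerShell script is an added example, not part of the CA documentation. It checks that the exported pfx file opens with the export password, contains the private key that is later needed to decrypt the security token, and has not expired, and only then runs the import command shown above. The script parameters and the path to smkeytool.bat are assumptions to adapt to your installation.

```powershell
# Added example (not CA code): pre-import checks for a pfx file, then the
# smkeytool call with the same flags as the command shown above.
param(
    [Parameter(Mandatory = $true)] [string] $PfxPath,    # e.g. c:\Temp\www-example-com.pfx
    [Parameter(Mandatory = $true)] [string] $Alias,      # alias referenced by the Relying Party
    [Parameter(Mandatory = $true)] [string] $SmKeyTool   # assumption: full path to smkeytool.bat
)

$ErrorActionPreference = 'Stop'
$fullPath = (Resolve-Path $PfxPath).Path

# Prompt for the export password so it is not saved in a script or in shell history.
$securePw = Read-Host -Prompt 'pfx export password' -AsSecureString

# Opening the file validates the password; a wrong password throws here.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $fullPath, $securePw

try {
    # Without the private key, the import cannot serve decryption or signature checks.
    if (-not $cert.HasPrivateKey) {
        throw "No private key in $fullPath. Re-export the certificate with its private key."
    }
    if ($cert.NotAfter -le (Get-Date)) {
        throw "Certificate '$($cert.Subject)' expired on $($cert.NotAfter)."
    }
    Write-Host "Importing '$($cert.Subject)' (valid until $($cert.NotAfter)) as alias '$Alias'"

    # smkeytool takes the password as an argument, so convert it only at the last moment.
    $plain = (New-Object System.Net.NetworkCredential -ArgumentList '', $securePw).Password
    & $SmKeyTool -addPrivKey -alias $Alias -keycertfile $fullPath -password $plain

    # Assumption: smkeytool.bat signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "smkeytool exited with code $LASTEXITCODE."
    }
}
finally {
    $plain = $null
    $cert.Reset()   # release the key material loaded for the check
}
```

After a successful import, delete the pfx file from the temporary location or move it to protected storage, because it still contains the private key.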
Copyright © 2010 CA. All rights reserved.