How to Configure the SiteMinder Key Database for ICAS

The Relying Party must use SSL to protect the fcc file. The Relying Party must export the SSL certificate associated with the web site to a pfx file. A SiteMinder administrator can then import the SSL certificate from the pfx file into smkeydatabase using smkeytool.

When the certificate is imported into smkeydatabase, it is associated with an alias, which is stored in the fcc file. The certificate's private key is used to decrypt the security token and verify the digital signature.

Configuring the SiteMinder key database is a two-step process:

  1. To export an SSL certificate from an IIS web server to a pfx file on your local machine, you can use the Web Server Certificate Wizard. For more information, see Microsoft's documentation.
  2. To import an SSL certificate from a pfx file into smkeydatabase using smkeytool, execute smkeytool.bat, specifying the options in the following example:

    smkeytool.bat -addPrivKey -alias example -keycertfile c:\Temp\www-example-com.pfx -password CAdemo123

Note: The password you provide when exporting the SSL certificate to the pfx file is used later by SiteMinder when importing the SSL certificate from the pfx file.

Note: If smkeydatabase does not exist, you can create it using the Policy Server Configuration Wizard. For more information, see the Policy Server Installation Guide.

Note: For more information about smkeydatabase and smkeytool, see the Federation Security Services Guide.
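
Before running the import in step 2, the exported pfx file can be checked to confirm that it opens with the export password, contains a private key, and is within its validity period. The following PowerShell script is an added example, not part of the CA documentation; it assumes the sample path and alias shown on this page, that smkeytool.bat is on the PATH, and that smkeytool.bat returns a non-zero exit code on failure.

```powershell
# Added example: pre-flight check of the exported pfx, then the import from step 2.
# Assumptions: path and alias are the sample values from this page; smkeytool.bat is on PATH.
param(
    [string]$PfxPath = 'c:\Temp\www-example-com.pfx',
    [string]$Alias   = 'example'
)

$ErrorActionPreference = 'Stop'

# Prompt for the export password so it is not stored in the script.
$securePassword = Read-Host -AsSecureString -Prompt "Password used when exporting $PfxPath"

# This throws if the password is wrong or the file is not a valid pfx.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxPath, $securePassword)

try {
    # smkeytool -addPrivKey needs the private key; a certificate-only export is not enough.
    if (-not $cert.HasPrivateKey) {
        throw "$PfxPath does not contain a private key. Re-export the certificate with its private key."
    }

    # Reject a certificate that is expired or not yet valid.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    Write-Host "Subject:    $($cert.Subject)"
    Write-Host "Thumbprint: $($cert.Thumbprint)"
    Write-Host "Expires:    $($cert.NotAfter)"

    # smkeytool takes the password as a command-line option, as in the example on this page.
    $plainPassword = [System.Net.NetworkCredential]::new('', $securePassword).Password
    & smkeytool.bat -addPrivKey -alias $Alias -keycertfile $PfxPath -password $plainPassword

    # Assumption: a non-zero exit code indicates that the import failed.
    if ($LASTEXITCODE -ne 0) {
        throw "smkeytool.bat exited with code $LASTEXITCODE"
    }
    Write-Host "Imported $PfxPath into smkeydatabase under alias '$Alias'."
}
finally {
    # Drop the in-memory copies of the password and the certificate.
    $plainPassword = $null
    $cert.Reset()
}
```

The alias passed to the script must match the alias stored in the fcc file.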


Copyright © 2010 CA. All rights reserved.