Agent Guides › SAML Affiliate Agent Guide › Extend a SAML Affiliate Agent › Key Provider API

Key Provider API

The SAML Affiliate Agent encrypts and decrypts cookies before passing the cookies to a user’s browser. When an Agent receives a SiteMinder cookie, the agent key enables the Agent to decrypt the contents of the cookie. Because cookies may contain sensitive data, these keys secure this information.

For cookie encryption, the SAML Affiliate Agent can use either:

• A static shared secret. The shared secret is defined during installation of the SAML Affiliate Agent.
• Keys that are periodically changed. These dynamic key values are supplied to the SAML Affiliate Agent through the Key Provider API.

  The SAML Affiliate Agent polls the Policy Server for key updates at a regular interval. If keys have been updated, Agents pick up the changes during polling. When a Web Agent detects a key rollover has taken place, the Agent retrieves new values for the keys.

You specify the type of encryption key to use through the KeyModel element of the AffiliateConfig.xml file.

To supply dynamic encryption keys through a key provider library, define the KeyProviderLibrary and KeyRolloverInterval attributes in KeyModel:

• KeyProviderLibrary. The full path and file name of the key provider library.

  Note: Key provider library file names must be less than 256 characters.

• KeyRolloverInterval. The rollover time, in seconds, when the current key expires and a new one must be supplied to the SAML Affiliate Agent.

When a key provider library is used to supply dynamic keys, the KeyModel elements looks like this:

<KeyModel>KeyProviderLibrary</KeyModel>
 <KeyAttributes>
  <KeyProviderLibrary>library_path_and_name</KeyProviderLibrary>
  <KeyRolloverInterval>time_in_seconds</KeyRolloverInterval>
 </KeyAttributes>
</KeyModel>

More Information

Configuring the Affiliate Web Server Plug-in