More Information

Extend a SAML Affiliate Agent

Configure the Key Provider Library

The key provider is an alternative to the shared secret for encrypting cookies. It offers additional security by using a key that can be configured to roll over, that is, to change at a user-determined time interval, whereas the encrypted shared secret is a static key attribute.

If you set the KeyModel element to KeyProviderLibrary, you must configure the KeyProviderLibrary and KeyRolloverInterval attributes. These two attributes are valid only when KeyModel=KeyProviderLibrary.

The library used by the key provider must be provided by the consumer site. This library implements the Key Provider API, which provides the keys that encrypt the data in the consumer cookies. To direct the SAML Affiliate Agent to the key provider library, enter the full library path name. For example:

<KeyProviderLibrary>/export/affiliateagent/keylibrary.so</KeyProviderLibrary>
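
The following check is an added example, not part of the product or its documentation. It verifies the rule above (both settings present only with KeyModel=KeyProviderLibrary) and that the library is a full path to a file that group and other users cannot modify. The `<AffiliateConfig>` wrapper element, the sample interval value, and the function name `check_key_settings` are assumptions made for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample. The <AffiliateConfig> wrapper and the interval value are
# assumptions; the three setting names and the library path are from the page.
SAMPLE = """<AffiliateConfig>
  <KeyModel>KeyProviderLibrary</KeyModel>
  <KeyProviderLibrary>/export/affiliateagent/keylibrary.so</KeyProviderLibrary>
  <KeyRolloverInterval>60</KeyRolloverInterval>
</AffiliateConfig>"""

def check_key_settings(xml_text):
    """Return a list of findings; an empty list means the settings are consistent."""
    root = ET.fromstring(xml_text)
    value = lambda name: (root.findtext(f".//{name}") or "").strip()
    model = value("KeyModel")
    lib = value("KeyProviderLibrary")
    interval = value("KeyRolloverInterval")
    findings = []
    if model != "KeyProviderLibrary":
        # Both settings are valid only with KeyModel=KeyProviderLibrary.
        for name, val in (("KeyProviderLibrary", lib), ("KeyRolloverInterval", interval)):
            if val:
                findings.append(f"{name} is set but KeyModel is {model!r}")
        return findings
    if not interval:
        findings.append("KeyRolloverInterval is missing")
    if not lib:
        findings.append("KeyProviderLibrary is missing")
    elif not os.path.isabs(lib):
        findings.append(f"KeyProviderLibrary {lib!r} is not a full path")
    else:
        try:
            mode = os.stat(lib).st_mode
        except OSError:
            findings.append(f"{lib} does not exist or is not accessible")
        else:
            if not stat.S_ISREG(mode):
                findings.append(f"{lib} is not a regular file")
            # The library hands out the cookie encryption keys, so anyone who
            # can replace it controls those keys.
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(f"{lib} is writable by group or other")
    return findings

if __name__ == "__main__":
    for finding in check_key_settings(SAMPLE):
        print("FINDING:", finding)
```

Run it on the host where the agent is installed so that the permission check sees the real library file.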