Configuring Integration Server Keystores
You must configure an Integration Server keystore to enable Mediator to process any supported SAML tokens, such as Holder-of-Key tokens, Sender-Vouches tokens, or Bearer tokens.
The keystore must contain at least one private key that can be used by Mediator as the signing alias.
If Mediator is expected to verify the signature of incoming requests from clients, the keystore must also contain the public keys of those clients. The keystore must also contain, in its truststore, the public key of the identity provider, which is used to validate the signature on the assertion signed by the identity provider. This is useful for requests that use the Holder-of-Key confirmation method.
To configure an Integration Server keystore
1. In Integration Server, create a new keystore alias, as described in the Keystores and Truststores section in the webMethods Integration Server Administrator’s Guide.
2. In Integration Server, specify the keystore alias and signing alias to be used by Mediator, as described in the Keystore, Truststore, and Key Aliases section in the webMethods Integration Server Administrator’s Guide.
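Before registering the aliases, it helps to confirm that each store holds the entry type this page requires: a private key for the signing alias, and trusted certificates for the identity provider and clients. The following is an added example using the JDK keytool, not part of the product documentation; the file names, aliases, distinguished names, password and the PKCS12 store type are constructed assumptions, and the "identity provider" certificate is a self-signed stand-in.

```shell
#!/usr/bin/env bash
# Added example: every alias, file name, DN and password below is a constructed
# placeholder. Requires the JDK keytool on PATH.

# Create a keystore holding one private key (the future signing alias).
make_key_store() {  # args: store-file alias common-name
  keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$3" -storetype PKCS12 -keystore "$1" -storepass:env KS_PASS
}

# Import a certificate (identity provider or client) as a trusted entry.
trust_cert() {  # args: store-file alias cert-file
  keytool -importcert -noprompt -alias "$2" -file "$3" \
    -storetype PKCS12 -keystore "$1" -storepass:env KS_PASS
}

# Print the entry type of an alias: PrivateKeyEntry or trustedCertEntry.
# Prints nothing if the alias is missing or the store cannot be opened.
entry_type() {  # args: store-file alias
  keytool -list -alias "$2" -keystore "$1" -storepass:env KS_PASS 2>/dev/null |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

demo() {  # args: working directory
  # Read by keytool via -storepass:env, so the password stays off the command line.
  export KS_PASS='constructed-example-only'

  # Keystore with the private key Mediator will use as its signing alias.
  make_key_store "$1/mediator-keystore.p12" mediator-sign mediator.example.test

  # Stand-in for the identity provider. In practice its certificate arrives
  # out of band and its fingerprint is checked before import.
  make_key_store "$1/fake-idp.p12" idp idp.example.test
  keytool -exportcert -rfc -alias idp -keystore "$1/fake-idp.p12" \
    -storepass:env KS_PASS -file "$1/idp.pem"

  # Truststore entry used to validate the signature on the SAML assertion.
  trust_cert "$1/mediator-truststore.p12" idp-signing "$1/idp.pem"

  echo "mediator-sign: $(entry_type "$1/mediator-keystore.p12" mediator-sign)"
  echo "idp-signing:   $(entry_type "$1/mediator-truststore.p12" idp-signing)"
}
```

Run `demo "$(mktemp -d)"` to try it. A signing alias that reports `trustedCertEntry` instead of `PrivateKeyEntry` has no private key and cannot be used for signing.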