This document covers the following topics:
This tool is required for creating the appropriate value for attribute
IAFDELEGATEDAUTHPASS
. The password should not
appear in clear text in the attributes file; use this tool to create an
encrypted version of the technical user's password.
IAFCryptDelegatedPwd -p <password> -f <attribute file name> -k <key file name>
where | ../Service/IAF001/IAF001.atr |
is the default attribute file name, and |
../etc/IAFKeyFile.txt |
is the default key file name. |
This Java tool helps to set up the delegated authentication framework
that can be deployed with the help of the SIN_JAAS_LoginModules. All delegated
authentication calls are signed, and the signature is validated against a known
certificate. The name of the certificate derived from the fingerprint and this
tool (CertNameGenerator
) will create the appropriate
file name out of an existing certificate.
To set up the delegated authentication framework
Choose an existing certificate where you also have access to the private key.
Extract this certificate in binary form (file extension" .cer").
Execute the CertNameGenerator
with this
certificate as input. The output will be the same certificate, but with a
special name that can be identified by IAF (Example: 5b-0f-34-.....cer, i.e.
the fingerprint is the file name).
Place this new file in the bin directory of IAF.
java -cp CertNameGen.jar com.softwareag.security.MessageDigest.GenerateDigest MyCert.cer
For more information, see Creating Technical User Credential Files
For more information, see Creating Internal User Repository Files