 SAML XMLSIG Sample
 
 1. Introduction
    This sample serves as a basis for using the XMLSIG API in SAML.
     
 
 2. Prepare the key and certificate
    Before trying out this sample, the user needs to create a keystore and a
    key entry in that keystore. Please note, you must use keytool from JDK
    1.3.1 or a later version. For more detail, please refer to the
    keytool.html file. Here, for simplicity, we use a self-signed
    certificate (selfcert) as an example.
 
    Generate the key pair (selfcert):
       keytool -genkey -keyalg dsa -alias test \
          -dname "cn=sun-unix,ou=SUN Java System Access Manager,o=Sun, c=US" \
          -keypass 11111111 \
          -keystore ./mykeystore \
          -storepass 11111111 -validity 180
    This command will generate a keystore called "mykeystore" in the current
    directory. A KeyEntry whose alias name is "test" is created and stored in
    the keystore. If the user wants to generate an RSA key, change "-keyalg dsa"
    to "-keyalg rsa" in the above command. The passwords shown (11111111) are
    placeholders for the sample; use strong ones for any real keystore. Note
    that "-validity 180" makes the certificate expire after 180 days, after
    which it has to be regenerated and re-distributed to verifiers.
    To generate a self-signed certificate, please follow steps 2 and 3 from
    section III of keytool.html. This is useful for testing purposes, where
    the signer and verifier are the same entity; in that case the self-signed
    certificate must be imported into the keystore as a trusted certificate.
    For commercial deployments, refer to the partner certificate import
    described next.

    If your site will receive any Assertion, Request or Response signed by
    your trusted partner's site, you must import that partner site's
    certificate into your keystore. Please follow steps 4 and 5 in section
    III of keytool.html to import the partner site's certificate into your
    keystore.

    The user then needs to follow steps 6-14 in section III of keytool.html
    to set up the Access Manager configuration.
 NOTE:
    For commercial product development, please always follow keytool.html to
    prepare the KeyEntry/Certificate.
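    Before running the sample, a quick check that the keystore actually
    contains what the following sections expect saves a failed createsig or
    verifysig run. The Java program below is an added example and not part of
    the Access Manager sample: it opens the keystore, confirms the signing
    alias is a key entry, reports the key algorithm together with the
    xmlsigalgorithm URI that matches it, warns if the certificate is outside
    its validity window (the sample uses -validity 180), and lists the trusted
    certificate entries that a partner's signatures will be checked against.
    The keystore path, store password and alias are taken from the keytool
    command above; the key password is assumed equal to the store password,
    as in that command, and the class name is chosen for this example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

/*
 * Added example (not part of the Access Manager sample): sanity-check the
 * keystore prepared in section 2 before running the sample.
 * Usage: java KeystoreCheck ./mykeystore 11111111 test
 */
public class KeystoreCheck {
    // xmlsigalgorithm values from amSAML.properties, keyed by the JCA key algorithm name.
    static String xmlsigUriFor(String keyAlg) {
        switch (keyAlg.toUpperCase()) {
            case "DSA": return "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
            case "RSA": return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            default:    return null; // key type the sample does not support
        }
    }

    public static void main(String[] args) throws Exception {
        String path = args[0], alias = args[2];
        char[] pass = args[1].toCharArray(); // keypass assumed == storepass, as in the sample

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // reads JKS and PKCS12
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }

        // 1. The signing alias must be a key entry (private key plus certificate).
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("alias '" + alias + "' is not a key entry; run keytool -genkey first");
        }
        PrivateKey key = (PrivateKey) ks.getKey(alias, pass);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);

        // 2. The configured xmlsigalgorithm must match the key type, or signing fails.
        String uri = xmlsigUriFor(key.getAlgorithm());
        if (uri == null) {
            throw new IllegalStateException("unsupported key algorithm " + key.getAlgorithm());
        }
        System.out.println("key algorithm " + key.getAlgorithm() + " -> set xmlsigalgorithm=" + uri);

        // 3. A certificate outside its validity period (the sample uses -validity 180)
        //    will be rejected by any verifier that checks the certificate.
        try {
            cert.checkValidity();
            System.out.println("certificate valid until " + cert.getNotAfter());
        } catch (CertificateException e) {
            System.out.println("WARNING: certificate for '" + alias + "' is not valid now: " + e);
        }

        // 4. Trusted certificate entries are the partner (or self) certificates
        //    imported in section 2; signatures from any other signer cannot be trusted.
        int trusted = 0;
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(a)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(a);
                System.out.println("trusted cert '" + a + "': " + c.getSubjectX500Principal());
                trusted++;
            }
        }
        if (trusted == 0) {
            System.out.println("WARNING: no trusted certificate entries; import the partner or self cert");
        }
    }
}
```

    Compile it with the same JDK that the sample's Makefile points at and run
    it from the directory containing mykeystore.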
 
 3. Instructions to set up the XMLSIG sample For Solaris
 
    1. cd to <install dir>/SUNWam/samples/saml/xmlsig
    2. Edit the Makefile and modify the environment variables. These
       environment variables will be used to run the make command.
       BASE - Set this variable to the install directory.
       CLASSPATH - Reference the required jars from server.xml of the Access
          Manager instance.
       JAVA_HOME - Set this variable to your installation of the JDK. It
          should be newer than JDK 1.4.0.
       BASE_CLASS_DIR - Directory where all the sample's compiled classes
          will be kept.
    3. Run gmake.
    4. Set LD_LIBRARY_PATH to /usr/lib/mps/secv1. A sample script looks like:
       LD_LIBRARY_PATH=/usr/lib/mps/secv1
       export LD_LIBRARY_PATH
       echo $LD_LIBRARY_PATH
    5. If the user is using an RSA key, edit the file
       <install dir>/SUNWam/locale/amSAML.properties and change
       "xmlsigalgorithm=http://www.w3.org/2000/09/xmldsig#dsa-sha1" to
       "xmlsigalgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1".
       The configured algorithm must match the key type of the KeyEntry
       created in section 2; signing with a DSA key while rsa-sha1 is
       configured (or the reverse) fails.
    6. If the user is using a DSA key, edit the file
       /etc/opt/SUNWam/config/AMConfig.properties and change
       "com.sun.identity.jss.donotInstallAtHighestPriority=false" to
       "com.sun.identity.jss.donotInstallAtHighestPriority=true".
    7. Run "gmake createsig". This command will sign the "assertion.xml"
       file and put the signed document into the "signature.xml" file. If
       the user wants to sign a different file, or would like to put the
       signed document into a different file, simply edit the Makefile:
       replace "assertion.xml" with the name of the file the user wants to
       sign, and likewise replace "signature.xml" with the name of the file
       in which the signed document should be stored.
    8. Run "gmake verifysig". This command will verify the "signature.xml"
       file. The output should be "Doc is valid" or "Doc is not valid".
       Verification checks the signature against the certificates in the
       keystore, so the signer's certificate must have been imported as
       described in section 2. If the user wants to verify a different
       file, simply edit the Makefile and replace "signature.xml" with the
       name of the file to be verified.
 
 4. Instructions to set up the XMLSIG sample For Windows
 
    1. cd to <install dir>\samples\saml\xmlsig
    2. Edit the file make.bat and modify the environment variables. These
       environment variables will be used to run the make command.
       BASE - Set this variable to the install directory.
       CLASSPATH - Reference the required jars from server.xml of the Access
          Manager instance.
       JAVA_HOME - Set this variable to your installation of the JDK. It
          should be newer than JDK 1.3.1.
       BASE_CLASS_DIR - Directory where all the sample's compiled classes
          will be kept.
    3. Run "make" to compile.
    4. If the user is using an RSA key, edit the file
       <install dir>/locale/amSAML.properties and change
       "xmlsigalgorithm=http://www.w3.org/2000/09/xmldsig#dsa-sha1" to
       "xmlsigalgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1".
       The configured algorithm must match the key type of the KeyEntry
       created in section 2; signing with a DSA key while rsa-sha1 is
       configured (or the reverse) fails.
    5. Run "make createsig". This command will sign the "assertion.xml"
       file and put the signed document into the "signature.xml" file. If
       the user wants to sign a different file, or would like to put the
       signed document into a different file, simply edit the make.bat
       file: replace "assertion.xml" with the name of the file the user
       wants to sign, and likewise replace "signature.xml" with the name of
       the file in which the signed document should be stored.
    6. Run "make verifysig". This command will verify the "signature.xml"
       file. The output should be "Doc is valid" or "Doc is not valid".
       Verification checks the signature against the certificates in the
       keystore, so the signer's certificate must have been imported as
       described in section 2. If the user wants to verify a different
       file, simply edit the file make.bat and replace "signature.xml" with
       the name of the file to be verified.
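    To show what the createsig and verifysig targets of sections 3 and 4 do
    underneath, and the two checks a verifier has to make beyond the
    signature arithmetic (that the signing certificate is one the keystore
    trusts, and that the signature covers the whole document rather than some
    unrelated element), here is an added example written against the
    standard JDK XML Signature API (javax.xml.crypto.dsig). It is not the
    sample's code and does not use the Access Manager XMLSIG classes; the
    class and method names are chosen for this example. It assumes the
    keystore from section 2 with store and key password equal (as in the
    sample keytool command) and an RSA or DSA key entry, and it signs with
    the SHA-256 variants of the algorithms because current JDKs refuse to
    validate the dsa-sha1 and rsa-sha1 URIs used in amSAML.properties.

```java
import java.io.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/*
 * Added example, not the Access Manager sample's own code: createsig/verifysig
 * written against the standard JDK XML Signature API. Assumes the section 2
 * keystore (storepass == keypass) holding an RSA or DSA key entry.
 *   java XmlSigDemo createsig ./mykeystore 11111111 test assertion.xml signature.xml
 *   java XmlSigDemo verifysig ./mykeystore 11111111 test signature.xml
 */
public class XmlSigDemo {
    // Current JDKs disallow the dsa-sha1/rsa-sha1 URIs from amSAML.properties in
    // secure validation mode, so the SHA-256 variant for the key type is used.
    static String sigMethodFor(String keyAlg) {
        return "RSA".equalsIgnoreCase(keyAlg) ? "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
                                              : "http://www.w3.org/2009/xmldsig11#dsa-sha256";
    }

    static KeyStore loadKeyStore(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // reads JKS and PKCS12
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        return ks;
    }

    static Document parse(String path) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // needed to locate ds:Signature by namespace
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD/XXE
        return dbf.newDocumentBuilder().parse(new File(path));
    }

    /** Enveloped signature over the whole document (Reference URI ""), as createsig does. */
    static void sign(Document doc, PrivateKey key, X509Certificate cert) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(sigMethodFor(key.getAlgorithm()), null), Collections.singletonList(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory(); // embed the signer cert so the verifier can check trust
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newX509Data(Collections.singletonList(cert))));
        fac.newXMLSignature(si, ki).sign(new DOMSignContext(key, doc.getDocumentElement()));
    }

    /** True only if cert is a trusted certificate entry (partner or self cert imported per section 2). */
    static boolean isTrusted(KeyStore ks, X509Certificate cert) throws Exception {
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(a) && cert.equals(ks.getCertificate(a))) return true;
        }
        return false;
    }

    /** Supplies a verification key only from a KeyInfo certificate that is trusted and currently valid. */
    static KeySelector trustedCertSelector(KeyStore ks) {
        return new KeySelector() {
            public KeySelectorResult select(KeyInfo ki, KeySelector.Purpose p, AlgorithmMethod m,
                                            XMLCryptoContext c) throws KeySelectorException {
                if (ki == null) throw new KeySelectorException("signature carries no KeyInfo");
                for (Object s : ki.getContent()) {
                    if (!(s instanceof X509Data)) continue;
                    for (Object o : ((X509Data) s).getContent()) {
                        if (!(o instanceof X509Certificate)) continue;
                        X509Certificate cert = (X509Certificate) o;
                        try {
                            cert.checkValidity();
                            if (isTrusted(ks, cert)) { PublicKey pk = cert.getPublicKey(); return () -> pk; }
                        } catch (Exception e) { throw new KeySelectorException(e); }
                    }
                }
                throw new KeySelectorException("signing certificate is not a trusted entry in the keystore");
            }
        };
    }

    /** verifysig: one Signature, a trusted key, a valid signature, and a Reference that
     *  covers the whole document rather than some unrelated element. */
    static boolean verify(Document doc, KeyStore trust) throws Exception {
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() != 1) return false; // the sample signs the document once
        DOMValidateContext ctx = new DOMValidateContext(trustedCertSelector(trust), nl.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        try {
            if (!sig.validate(ctx)) return false;
        } catch (XMLSignatureException e) {
            return false; // e.g. the KeySelector refused the signing certificate
        }
        for (Object o : sig.getSignedInfo().getReferences()) {
            if (!"".equals(((Reference) o).getURI())) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = args[2].toCharArray();
        KeyStore ks = loadKeyStore(args[1], pass);
        Document doc = parse(args[4]);
        if ("createsig".equals(args[0])) {
            sign(doc, (PrivateKey) ks.getKey(args[3], pass), (X509Certificate) ks.getCertificate(args[3]));
            TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(doc), new StreamResult(new File(args[5])));
        } else {
            System.out.println(verify(doc, ks) ? "Doc is valid" : "Doc is not valid");
        }
    }
}
```

    For the self-signed test setup of section 2, verifysig only prints "Doc is
    valid" if the self certificate was also imported as a trusted certificate
    entry; a signature made with a key whose certificate is absent from the
    keystore, an expired certificate, or a Reference that does not cover the
    whole document is reported as not valid even though the signature bytes
    themselves may check out.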