Configuring Subject Identity Provider

Description

The Subject Identity Provider retrieves private keys (credentials) from a credential store. You must store the private keys in that store and provide its location. The Core Engine uses the private keys to decrypt the payload of an incoming request when it is encrypted, and to sign the response message before sending it back to the client.

Use Case

  • Decrypt the request payload.
  • Sign the response payload.

Example Properties

See the following properties:

Properties

Table Properties for Subject Identity Provider (SIP) describes the properties for the Subject Identity Provider.

Properties for Subject Identity Provider (SIP)
Property Description
com.tibco.asg.intent.decrypt
  Boolean intent property that indicates whether the incoming request message is encrypted. If it is encrypted, the request message payload is decrypted using the subject identity provider properties (private credentials). Possible values are true or false.

  If the value of this property is set to true, the request message must be encrypted.

com.tibco.trinity.runtime.core.provider.identity.subject.identityStoreServiceProvider
  Specifies the name of the credential service provider containing the private credentials for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias
  Specifies the alias of the key corresponding to the private credentials in the credential store for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.identity.subject.keyPassword
  Specifies the protection parameter (key password) of the private credentials in the credential store for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreType
  Specifies the keystore type of the private credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreLocation
  Specifies the location(s) of the keystore holding the private credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStorePassword
  Specifies the password to unlock the keystore.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreRefreshInterval
  Specifies the interval, in milliseconds, at which the keystore is re-read.

Sample File

  • See the ASG_CONFIG_HOME/default/wss/req_decrypt.properties file for the properties and an example configuration for decrypting a request message.
  • See the ASG_CONFIG_HOME/default/wss/resp_sign.properties file for the properties and an example configuration for signing a response message.
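
A wrong alias, key password or keystore type in these properties only surfaces when the Core Engine first tries to decrypt or sign a message. The following preflight check is an added example, not part of the product: it loads a properties file such as req_decrypt.properties, opens the keystore named there and confirms that keyAlias resolves to a private key under keyPassword. The class name SipKeystoreCheck is a hypothetical one, and the example assumes keyStoreLocation holds a single filesystem path.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Properties;

/** Added example: verifies that the SIP keystore properties resolve to a usable private key. */
public class SipKeystoreCheck {
    private static final String PREFIX = "com.tibco.trinity.runtime.core.provider.";

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the path to a properties file such as req_decrypt.properties
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            props.load(in);
        }
        String type = require(props, PREFIX + "credential.keystore.keyStoreType");
        String location = require(props, PREFIX + "credential.keystore.keyStoreLocation"); // single path assumed
        char[] storePassword = require(props, PREFIX + "credential.keystore.keyStorePassword").toCharArray();
        String alias = require(props, PREFIX + "identity.subject.keyAlias");
        char[] keyPassword = require(props, PREFIX + "identity.subject.keyPassword").toCharArray();
        long refresh = Long.parseLong(require(props, PREFIX + "credential.keystore.keyStoreRefreshInterval"));
        if (refresh <= 0) {
            throw new IllegalStateException("keyStoreRefreshInterval must be a positive number of milliseconds");
        }

        // A wrong keyStoreType or keyStorePassword fails here, before any message is processed
        KeyStore keyStore = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(location))) {
            keyStore.load(in, storePassword);
        }
        if (!keyStore.containsAlias(alias)) {
            throw new IllegalStateException("alias not found in keystore: " + alias);
        }
        // getKey throws UnrecoverableKeyException when keyPassword does not protect this entry
        Key key = keyStore.getKey(alias, keyPassword);
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("alias does not hold a private key: " + alias);
        }
        System.out.println("OK: " + key.getAlgorithm() + " private key found under alias '" + alias + "'");
    }

    private static String require(Properties props, String name) {
        String value = props.getProperty(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("missing property: " + name);
        }
        return value.trim();
    }
}
```

Run it against each SIP properties file after editing the keystore or rotating the key, so that a failed lookup is reported at deployment time rather than as a decryption or signing error on live traffic.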