Configuring Subject Identity Provider

Description

The Subject Identity Provider is used to retrieve private keys (credentials) from a credential store. You must store the private keys and provide their location. The Core Engine uses the private keys to decrypt the message when the payload of the incoming request is encrypted. The gateway also uses the private keys to sign the response message before sending it back to the client.

Use Case

  • Decrypt the request payload.
  • Sign the request message that is forwarded to any external target operation.
  • Sign the response payload.

Properties

The table "Properties for Subject Identity Provider (SIP)" describes the properties for the Subject Identity Provider.

Properties for Subject Identity Provider (SIP)
Property Description
com.tibco.asg.intent.decrypt
  Boolean intent property that indicates whether the incoming request message is encrypted. If it is encrypted, the request message payload is decrypted using the subject identity provider properties (private credentials). Possible values are true or false.
  If the value of this property is set to true, the request message must be encrypted.

com.tibco.trinity.runtime.core.provider.identity.subject.identityStoreServiceProvider
  Specifies the name of the credential service provider containing the private credentials for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias
  Specifies an alias name for the key corresponding to the private credentials in the credential store for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.identity.subject.keyPassword
  Specifies the protection parameter of the private credentials in the credential store for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreType
  Specifies the keystore type of the private credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreLocation
  Specifies the location of the keystore of the private credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStorePassword
  Specifies the password to unlock the keystore.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreRefreshInterval
  Specifies the refresh interval in milliseconds.
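
As an added example (not part of the product documentation), the following Python script audits a configuration that sets the subject identity and keystore properties listed above. It assumes a simple key=value properties format, treats every listed property as expected, and assumes a POSIX host for the file-permission check; the sample values are constructed placeholders.

```python
import os
import stat

SUBJECT = "com.tibco.trinity.runtime.core.provider.identity.subject."
KEYSTORE = "com.tibco.trinity.runtime.core.provider.credential.keystore."
# Property names from the table above; treating all as expected is an assumption.
EXPECTED = [SUBJECT + n for n in ("identityStoreServiceProvider", "keyAlias", "keyPassword")]
EXPECTED += [KEYSTORE + n for n in ("keyStoreType", "keyStoreLocation",
                                    "keyStorePassword", "keyStoreRefreshInterval")]

def parse_properties(text):
    """Parse simple key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props, check_files=True):
    """Return a list of findings for the subject identity and keystore properties."""
    findings = [f"missing or empty: {key}" for key in EXPECTED if not props.get(key)]
    interval = props.get(KEYSTORE + "keyStoreRefreshInterval", "")
    if interval and not (interval.isdecimal() and int(interval) > 0):
        findings.append("keyStoreRefreshInterval is not a positive number of milliseconds")
    location = props.get(KEYSTORE + "keyStoreLocation", "")
    if check_files and location:
        if not os.path.isfile(location):
            findings.append(f"keystore not found: {location}")
        elif stat.S_IMODE(os.stat(location).st_mode) & 0o077:
            # POSIX assumption: the keystore holds private keys, so only the
            # gateway's service account should be able to read it.
            findings.append(f"keystore readable by group/others: {location}")
    return findings

# Constructed sample with placeholder values (not taken from the product).
SAMPLE = """\
com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias=example-alias
com.tibco.trinity.runtime.core.provider.identity.subject.keyPassword=
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreLocation=/nonexistent/example.keystore
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreRefreshInterval=60s
"""

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print(finding)
```
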

Sample File