Configuring Trust Identity Provider

Description

The Trust Identity Provider retrieves, from a credential store, the public certificates required to perform trust operations. You must store the public certificate and provide its location. The Core Engine uses the certificates to verify the signatures when the payload in the incoming request is signed. The Core Engine also uses the public certificate to encrypt the response payload before it sends the response back to the client.

Use Case

  • Verify signatures for the signed request payload.
  • Encrypt the response payload.

Example Properties

See the following properties:

Properties

The table "Properties for Trust Identity Provider (TIP)" describes the properties for the Trust Identity Provider.

Properties for Trust Identity Provider (TIP)
Property Description
com.tibco.asg.intent.signature
  Boolean intent property that indicates whether the incoming request message is signed. If it is signed, the signatures are verified using the trust identity provider properties (public credentials). Possible values are true or false.
  If this property is set to true, the request message must have valid signatures.

com.tibco.trinity.runtime.core.provider.identity.trust.trustStoreServiceProvider
  Specifies the name of the credential service provider containing the credentials for establishing trust.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreType
  Specifies the keystore type. Supported formats are JKS and PKCS12.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreLocation
  Specifies the location of the keystore.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStorePassword
  Specifies the password to unlock the keystore.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreRefreshInterval
  Specifies the refresh interval (milliseconds).
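
The following lint check for the properties in the table above is an added example, not part of the product or its sample files. It assumes a plain key=value properties file and treats the provider name, keystore type, location and password as required; the provider name, path and password in the sample are constructed placeholders.

```python
# Added example: lint for the Trust Identity Provider properties described above.
TIP = "com.tibco.trinity.runtime.core.provider.credential.keystore.truststore."
SIGNATURE_INTENT = "com.tibco.asg.intent.signature"
TRUST_PROVIDER = ("com.tibco.trinity.runtime.core.provider.identity.trust."
                  "trustStoreServiceProvider")
KEYSTORE_TYPES = ("JKS", "PKCS12")  # the formats the page lists as supported


def parse_properties(text):
    """Parse plain key=value lines (no continuations); skip blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def check_tip_config(text):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(text)
    findings = []
    intent = props.get(SIGNATURE_INTENT)
    if intent is not None and intent not in ("true", "false"):
        findings.append(f"{SIGNATURE_INTENT}: must be true or false, got {intent!r}")
    if not props.get(TRUST_PROVIDER):
        findings.append(f"{TRUST_PROVIDER}: no credential service provider named")
    if props.get(TIP + "keyStoreType") not in KEYSTORE_TYPES:
        findings.append(TIP + "keyStoreType: must be JKS or PKCS12")
    for name in ("keyStoreLocation", "keyStorePassword"):
        if not props.get(TIP + name):
            findings.append(TIP + name + ": missing or empty")
    interval = props.get(TIP + "keyStoreRefreshInterval")
    if interval is not None and not interval.isdigit():
        findings.append(TIP + "keyStoreRefreshInterval: must be whole milliseconds")
    return findings


# Constructed sample; the provider name, path and password are placeholders.
SAMPLE = f"""
{SIGNATURE_INTENT}=true
{TRUST_PROVIDER}=example-trust-credential-provider
{TIP}keyStoreType=JKS
{TIP}keyStoreLocation=/path/to/truststore.jks
{TIP}keyStorePassword=placeholder-password
{TIP}keyStoreRefreshInterval=60000
"""

if __name__ == "__main__":
    for finding in check_tip_config(SAMPLE) or ["all checks passed"]:
        print(finding)
```

Because the signature intent and refresh interval are only checked when present, the same check can be run against a response-encryption configuration that omits the signature intent.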

Sample File

  • See the ASG_CONFIG_HOME/default/wss/req_verifysig.properties file for the properties and an example configuration for verifying the signature in the request message.
  • See the ASG_CONFIG_HOME/default/wss/resp_encrypt.properties file for the properties and an example configuration for encrypting the response message.