Configuring Subject Identity Provider

Description

The Subject Identity Provider is used to retrieve private keys (credentials) from a credential store. You must store the private keys and provide its location. The private keys are used by the Core Engine to decrypt the message when the payload in the incoming request is encrypted. The gateway uses the private keys to sign the response message before sending it back to the client.

Use Case

Decrypt the request payload.
Sign the request message to forward to any external target operation.
Sign the response payload.

Properties

This table describes the properties for Subject Identify Provider.

Properties for Subject Identify Provider (SIP)
Property	Description
com.tibco.asg.intent.decrypt
	Boolean intent property indicates if the incoming request message is encrypted or not. If encrypted, then the request message payload is decrypted using the subject identity provider properties (private credentials). Possible values are `true` or `false`. If the value of this property set to true, the request message must be encrypted.
com.tibco.trinity.runtime.core.provider.identity.subject.identityStoreServiceProvider
	Specifies the name of the credential service provider containing the private credentials for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias
	Specifies an alias name for the key corresponding to the private credentials in the credential store for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.identity.subject.keyPassword
	Specifies the protection parameter of the private credentials in the credential store for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreType
	Specifies the keystore type of the private credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreLocation
	Specifies the location of the keystore of the private credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStorePassword
	Specifies the password to unlock the keystore.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreRefreshInterval
	Specifies the refresh interval in milliseconds.

Sample File

See ASG_CONFIG_HOME/default/security/resource/SubjectIsp.properties, as follows:
SubjectIsp.properties

Did you find this helpful?

Yes No