Creating Trust Identity Resources

The Trust Identity Provider is used for obtaining certificates needed for performing trust operations from a credential store. This resource requires a trust store for SSL client and signature verification.

Prerequisites

Ensure that the TIBCO Enterprise Administrator server and the agent are running. Ensure that the agent is registered with the server.

Procedure

  1. Log in to TIBCO Enterprise Administrator.
  2. From the landing page, click the TIBCOSecurityServer card.
  3. Click Resource Manager Service.
  4. From the Trust Identity Resources pane, click create.
    Note: Alternatively, click Trust Identity Resources, and on the following page, click create.
  5. Provide the following details:
    | Property | Required | Description |
    |---|---|---|
    | name | Required | Name of the Trust Identity Provider. |
    | sslProtocol | Optional | The name of the SSL protocol, such as TLSv1. |
    | sslProvider | Optional | The name of the SSL provider. |
    | sslCipherStrength | Optional | The cipher strength is the number of bits in the key used to encrypt data. The greater the number of bits in the key (cipher strength), the more possible key combinations and the longer it would take to break the encryption. The cipher strength should be at least 128 bits. |
    | sslExplicitCiphers | Optional | Explicit ciphers are enabled when SSL Cipher Class is set to Explicit Ciphers. |
    | sslHostName | Optional | Name of the SSL host. |
    | sslVerifyHost | Optional | Select this option to verify the SSL host. |
    | sslVendor | Optional | Name of the SSL vendor. |
    | kerberosServiceProvider | Optional | Name of the Kerberos Service Provider. |
    | kerberosServicePrincipalName | Optional | The name of a Kerberos client principal. Specify this information to gain access to the private key of the client principal. |
    | wssEncryptionAlgorithm | Optional | The WSS encryption algorithm. The default is AES_128. |
    | wsskeyEncryptionAlgorithm | Optional | The WSS key encryption algorithm. The default is RSAOEP. |
    | wssBspCompliant | Optional | Select this option to make the resource WSS BSP compliant. |
    | wssStrictTimestamp | Optional | Select this option to enable WSS strict timestamp. |
    | wssTimeStampTimeToLive | Optional | The time to live in seconds. |
    | wssTimeStampFutureTimeToLive | Optional | The future time to live in seconds. |
    | wssEnableSignatureConfirmation | Optional | Select this option to enable signature confirmation. |
    | wssKeyType | Optional | The WSS key type. By default, the value is set to SKI_KEY_IDENTIFIER. |
    | wssCertificateRevocationURL | Optional | The WSS certificate revocation URL. |
    | wssCertificateRevocationReloadInterval | Optional | The reload interval for revoking the WSS certificate. |
    | trustStoreServiceProvider | Required | The name of the keystore credential resource. |
    | enableTrustStoreAccess | Required | By default this option is enabled. |
    | sslExplicitlyTrustAllCAs | Optional | By default this option is enabled. |
    | sslCertificateRevocationURL | Optional | The SSL certificate revocation URL. |
    | sslCertificateRevocationReloadInterval | Optional | The reload interval for revoking the SSL certificate. |
  6. Click create to create a Trust Identity resource.
    Note: You can create a Trust Identity resource using Python scripts available under TIBCO_HOME\tea\agents\tss\<version>\samples\resourceManagerService\trust.
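
A pre-creation check of the property values listed in step 5, as an added example that is not one of the TIBCO sample scripts and does not call any TIBCO API. It assumes the properties are held in a plain dict keyed by the property names above; the value types, the protocol name spellings other than TLSv1, and the rule that the timestamp time to live must be positive are assumptions.

```python
# Added example: audit a Trust Identity property set before clicking create.
# The dict layout and value types are assumptions, not a TIBCO API.

REQUIRED = ("name", "trustStoreServiceProvider", "enableTrustStoreAccess")
# TLS 1.0/1.1 are deprecated by RFC 8996, SSLv3 by RFC 7568 (spellings assumed).
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
MIN_CIPHER_BITS = 128  # minimum recommended in the property table

def audit_trust_identity(props):
    """Return a list of (severity, property, message) findings."""
    findings = []
    for key in REQUIRED:
        if props.get(key) in (None, ""):
            findings.append(("error", key, "required property is not set"))
    proto = props.get("sslProtocol")
    if proto in DEPRECATED_PROTOCOLS:
        findings.append(("warn", "sslProtocol", f"{proto} is deprecated"))
    bits = props.get("sslCipherStrength")
    if bits is not None and int(bits) < MIN_CIPHER_BITS:
        findings.append(("warn", "sslCipherStrength",
                         f"{bits} bits is below {MIN_CIPHER_BITS}"))
    if not props.get("sslVerifyHost"):
        findings.append(("warn", "sslVerifyHost", "host verification is off"))
    for key in ("sslCertificateRevocationURL", "wssCertificateRevocationURL"):
        if not props.get(key):
            findings.append(("info", key, "no revocation URL configured"))
    ttl = props.get("wssTimeStampTimeToLive")
    if ttl is not None and int(ttl) <= 0:  # assumed rule, not from the page
        findings.append(("error", "wssTimeStampTimeToLive",
                         "time to live must be a positive number of seconds"))
    return findings

# Constructed sample inputs (not taken from a real deployment).
WEAK = {"name": "trust1", "sslProtocol": "TLSv1", "sslCipherStrength": 56,
        "sslVerifyHost": False, "wssTimeStampTimeToLive": 0}
HARDENED = {"name": "trust1", "trustStoreServiceProvider": "keystore1",
            "enableTrustStoreAccess": True, "sslProtocol": "TLSv1.2",
            "sslCipherStrength": 256, "sslVerifyHost": True,
            "sslCertificateRevocationURL": "https://crl.example.test/ssl.crl",
            "wssCertificateRevocationURL": "https://crl.example.test/wss.crl",
            "wssTimeStampTimeToLive": 300}

if __name__ == "__main__":
    for severity, prop, message in audit_trust_identity(WEAK):
        print(f"{severity:5} {prop}: {message}")
    print("hardened findings:", audit_trust_identity(HARDENED))
```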