Importing SAML Token Signer Certificate

The SAML IdP contains the SAML Token Signer certificate, which the WAS server uses for SAML authentication. This certificate needs to be imported to the WAS server from the IdP.

Procedure

  1. Log in to the WebSphere Administrative console with your admin credentials.
    The Welcome page is displayed.
  2. On the object explorer, expand the Security tree and then click SSL certificate and key management.
    The SSL Certificate and Key Management page is displayed.
  3. Under the Related Items section, click Key stores and certificates.
    The Key stores and certificates page is displayed.
  4. Click the NodeDefaultTrustStore link.
    The Node Trust Default Trust Store page is displayed.
  5. Under the Additional Properties section, click the Signer Certificates link.
    The Signer Certificate page is displayed.
  6. Click Add to add the certificate.
    The Add signer certificate page is displayed.
  7. In the Alias box, define a name. The name defined in this box is used as the value of the TAI custom property, sso_1.idp_1.certAlias.
  8. In the File name box, enter the path name where the certificate you are importing is located. For example: /opt/saml/idp-cert.cer.
  9. Click Apply. The certificate is successfully imported from the path.
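
A check worth running on the certificate file before step 6, shown here as an added example that is not part of the original procedure or of the product's tooling: compute the SHA-256 fingerprint of the file and compare it with the value the IdP administrator supplies over a separate channel. The function names, the script name in the usage comment and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes shaped like a DER SEQUENCE; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a .cer file that is either Base64 (PEM) or binary."""
    blocks = PEM_BLOCK.findall(data)
    if len(blocks) > 1:
        raise ValueError("file holds more than one certificate")
    if blocks:
        return ssl.PEM_cert_to_DER_cert(blocks[0].decode("ascii"))
    if not data.startswith(b"\x30"):  # DER certificates start with a SEQUENCE tag
        raise ValueError("neither PEM nor DER certificate data")
    return data


def sha256_fingerprint(data: bytes) -> str:
    """Lower-case hex SHA-256 over the DER encoding, so PEM and DER files agree."""
    return hashlib.sha256(cert_der(data)).hexdigest()


def matches_expected(data: bytes, expected: str) -> bool:
    """Compare with a fingerprint written as 'AB:CD:...' or as plain hex."""
    wanted = re.sub(r"[^0-9a-fA-F]", "", expected).lower()
    return hmac.compare_digest(sha256_fingerprint(data), wanted)


if __name__ == "__main__":
    # Usage (hypothetical script name):
    #   python check_signer.py /opt/saml/idp-cert.cer <expected fingerprint>
    path, expected = sys.argv[1], sys.argv[2]
    with open(path, "rb") as fh:
        ok = matches_expected(fh.read(), expected)
    print("fingerprint matches" if ok else "MISMATCH: do not import")
    sys.exit(0 if ok else 1)
```

A non-zero exit status means the file is not the certificate the IdP administrator described and should not be added to NodeDefaultTrustStore.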

What to do next

After configuring the trust interceptor, you must update a few interceptor custom properties.