Adding a metadata service
Add a metadata service.
Procedure
- Log in to the local management interface.
- Click AAC > FIDO2 Configuration > Metadata.
- Under Metadata Services, click Add.
- Configure the metadata service with the following properties:
- URL
- The URL used to connect to the metadata service.
- JWS Truststore
- The name of the truststore used to verify the signature of the metadata blob that is downloaded from the metadata service. If not specified, the truststore that is configured in the Truststore property is used.
- Truststore
- The name of the truststore to use. If not specified and an HTTPS connection is specified, the truststore that is configured in the HTTPClientV2 advanced configuration is used. See Advanced configuration properties. The truststore that is specified has the following purposes:
- The truststore is used to set up the SSL connection with the metadata service.
- If the JWS Truststore is not set, the truststore must contain the certificate that is used to verify the signature of the metadata blob that is downloaded from the metadata service.
- Protocol
- The SSL protocol to use for the HTTP connection. Valid values are TLS, TLSv1, TLSv1.1, and TLSv1.2. If not specified, the protocol that is configured in the HTTPClientV2 advanced configuration is used. See Advanced configuration properties.
- Timeout
- Specifies the request timeout (seconds). A value of 0 results in no timeout. If not specified, the connect timeout that is configured in the HTTPClientV2 advanced configuration is used. See Advanced configuration properties.
- Show advanced request options
- Click Next or select the Request Overrides tab to reveal more optional configuration items.
- Username
- Specifies the basic authentication username. If not specified, basic authentication is not used. If the username is specified, provide the password.
- Password
- Specifies the basic authentication password. If not specified, basic authentication is not used. If the password is specified, provide the username.
- Keystore
- Specifies the client keystore. If not specified, client certificate authentication is not used. If the keystore is specified, provide the certificate.
- Certificate
- Specifies the client key alias. If not specified, client certificate authentication is not used. If the certificate is specified, provide the keystore.
- Proxy
- The URL of the proxy server that is used to connect to the metadata service (including the protocol).
- HTTP Request Headers
- Click Add to add HTTP headers to the HTTP request.
- Click OK to save the configuration.
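The fallback and pairing rules in the property descriptions above can be checked before saving, as in this added example (not product code). The dictionary keys are hypothetical names that mirror the UI labels, the host and store names are constructed placeholders, and the TLSv1/TLSv1.1 warning reflects RFC 8996 rather than anything stated on this page.

```python
from urllib.parse import urlparse

# Hypothetical keys that mirror the UI labels; not the product's API field names.
GLOBAL = "HTTPClientV2 advanced configuration"
VALID_PROTOCOLS = {"TLS", "TLSv1", "TLSv1.1", "TLSv1.2"}  # values listed on this page
DEPRECATED = {"TLSv1", "TLSv1.1"}                         # deprecated by RFC 8996

def review(cfg):
    """Return (effective settings, findings) for one metadata service entry."""
    findings = []
    url = urlparse(cfg.get("url") or "")
    if url.scheme not in ("http", "https") or not url.netloc:
        findings.append("URL: not an absolute http(s) URL")
    https = url.scheme == "https"
    # Documented fallbacks: Truststore -> HTTPClientV2 (HTTPS only); JWS Truststore -> Truststore.
    tls_store = cfg.get("truststore") or (GLOBAL if https else None)
    jws_store = cfg.get("jws_truststore") or cfg.get("truststore")
    if not jws_store:
        findings.append("JWS Truststore and Truststore unset: no store named here to verify the blob signature")
    elif not cfg.get("jws_truststore"):
        findings.append("Truststore doubles as JWS truststore: it must hold the blob signing certificate")
    for a, b in (("username", "password"), ("keystore", "certificate")):
        if bool(cfg.get(a)) != bool(cfg.get(b)):
            findings.append(f"{a}/{b}: set both or neither")
    if cfg.get("username") and not https:
        findings.append("Basic authentication over a non-HTTPS URL exposes the credentials")
    proto = cfg.get("protocol")
    if proto and proto not in VALID_PROTOCOLS:
        findings.append(f"Protocol: {proto!r} is not a listed value")
    elif proto in DEPRECATED:
        findings.append(f"Protocol: {proto} is deprecated, use TLSv1.2")
    timeout = cfg.get("timeout")
    if timeout == 0:
        findings.append("Timeout: 0 disables the request timeout")
    if cfg.get("proxy") and "://" not in cfg["proxy"]:
        findings.append("Proxy: URL must include the protocol")
    effective = {"tls_truststore": tls_store, "jws_truststore": jws_store,
                 "protocol": proto or GLOBAL, "timeout": GLOBAL if timeout is None else timeout}
    return effective, findings

# Constructed sample entries (host and store names are placeholders).
WEAK = {"url": "http://mds.example.test/blob", "username": "svc", "protocol": "TLSv1",
        "timeout": 0, "proxy": "proxy.example.test:8080"}
FIXED = {"url": "https://mds.example.test/blob", "truststore": "example-tls-roots",
         "jws_truststore": "example-mds-signing", "protocol": "TLSv1.2", "timeout": 30}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, *review(cfg)[1], sep="\n  ")
```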