This requires registration of relying party endpoint addresses and their corresponding public certificates. In this scenario, STS generates a Holder-Of-Key subject confirmation (symmetric key) and encrypts it with the public key of the relying party. This is included in the subject confirmation section of the SAML token, which is validated at by the relying party end. For this the relying parties endpoint address and the corresponding public certificates needs to be registered.
Follow the instructions below to configure STS for obtaining tokens with Holder-Of-Key subject confirmation (Symmetric Key).
- Start the WSO2 Identity Server.
- Log in as an admin to access the management console.
- Do Follow the following steps if you are using a steps given below to configure the Holder of Key confirmation method.
- Navigate to the Service Providers section by clicking Add in the Main menu under Service Providers.
- Add a Service Provider Name and Description and click Register.
- In the resulting page, expand the Inbound Authentication Configuration and the WS-Trust Security Token Service Configuration sections.
- Click Configure.
Enter the trusted relying parties party and upload the public certificate of the trusted relying party (against its end-point).
Info These The relying parties party will accept security tokens from the Identity Server.
The tokens issued are encrypted using the public key of the trusted relying party. Accordingly, even the client who obtains the token to send to the RP has no visibility to the included token.
Example: Enter the endpoint address of the service that you are running.
- Click Apply.
- A new trusted service is added to the service provider.
...