1.1.7.3.2 SAML Key File

The public key certificate of trusted SAML assertion issuers must be located in the $APPDIR directory. These certificates must be in PEM format. The name of the certificate must reflect the issuer name. For instance, if the issuer id is "ws_1" then the certificate name should be ws_1.pem.

However, for long issuer names the key file provides the ability to map the real issuer name to a local reference name, so that the PEM file name can be much more concise while still remaining meaningful to the administrator.

For example, if the assertion issuer name is web.abc.com/saml/authenticator, then the PEM file name for its public key certificate can be called "abc.pem" instead of "www.abc.com/saml/authenticator.pem".

This is especially useful in a UNIX environment, where the "/" character is also the path separator, so an issuer name containing "/" cannot be used directly as a file name. The translation is required whenever a conflict like this can arise.

The key file name is fixed to "saml_key.meta". It must be located in the folder specified by "CertPath". The file is in XML format and should be protected by file-system permissions.
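The lookup described above, as an added example that is not part of the product documentation: an issuer id is resolved to its PEM file through the alias mapping first and the default "<issuer>.pem" rule second, and any result that is not a single file name inside the certificate directory is refused. The page does not give the schema of saml_key.meta, so the `<saml_keys>`/`<issuer name= file=>` elements, the directory path and the helper names are assumptions.

```python
# Added example (not from the product documentation): resolve a SAML issuer
# id to its PEM certificate file via saml_key.meta, and reject any issuer
# whose derived file name would leave the certificate directory.
# The XML element names (<saml_keys>, <issuer name= file=>) are assumptions;
# the documentation only states that the file is XML and maps issuer names
# to local PEM file names.
import os
import xml.etree.ElementTree as ET

# Constructed sample saml_key.meta content (hypothetical schema).
SAMPLE_KEY_META = """<saml_keys>
  <issuer name="web.abc.com/saml/authenticator" file="abc.pem"/>
  <issuer name="ws_1" file="ws_1.pem"/>
</saml_keys>"""


def load_aliases(xml_text: str) -> dict:
    """Parse the alias mapping: real issuer name -> local PEM file name."""
    root = ET.fromstring(xml_text)
    return {e.get("name"): e.get("file")
            for e in root.findall("issuer")
            if e.get("name") and e.get("file")}


def is_safe_basename(name: str) -> bool:
    """A PEM file name must be exactly one path component: not empty,
    not '.' or '..', and free of every path separator."""
    if not name or name in (".", ".."):
        return False
    return "/" not in name and "\\" not in name and os.sep not in name


def resolve_cert_path(issuer: str, cert_dir: str, aliases: dict) -> str:
    """Return the PEM path for an issuer. Raise ValueError when the issuer
    has no alias and its name cannot serve as a file name (for example
    because it contains '/'), or when the result escapes cert_dir."""
    pem_name = aliases.get(issuer, issuer + ".pem")
    if not is_safe_basename(pem_name):
        raise ValueError(f"issuer {issuer!r} needs an alias in saml_key.meta")
    # Second check: the joined path must still sit directly inside cert_dir.
    cert_dir_abs = os.path.realpath(cert_dir)
    full = os.path.realpath(os.path.join(cert_dir_abs, pem_name))
    if os.path.dirname(full) != cert_dir_abs:
        raise ValueError(f"certificate path for {issuer!r} escapes {cert_dir}")
    return full
```

Once the path is returned, the certificate itself still has to be loaded and checked for PEM framing and validity; this block stops at safe name resolution.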

This section contains the following topics: