Sunday, January 15, 2017

OIF Managing Signing and Encryption Wallets

From Oracle:

Oracle Identity Federation provides a way to update signing and/or encryption wallets smoothly, without interrupting service.

When you need to replace a signing or encryption wallet and a new one is uploaded, Oracle Identity Federation saves the old wallet. The server then continues to use the old wallet in all transactions until it is removed. However, generated metadata will contain the new wallet information as well as the old information. This allows time to notify remote providers about the change.

Once new metadata has been created and distributed to all remote providers, the old wallet can be deleted and Oracle Identity Federation will use the newly uploaded wallet for all subsequent transactions.

Follow these steps when replacing a signing or encryption wallet:

1. Upload the new wallet.

   a. Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.

   b. Navigate to Administration, then Security and Trust.

   c. In the Wallets tab, click Update.

   d. Check the Update checkbox for the wallet you want to update.

   e. Select the keystore type, wallet location, password, and alias.

   f. Click OK.

2. Generate and distribute new metadata.

   a. Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.

   b. Navigate to Administration, then Security and Trust.

   c. In the Provider Metadata tab, under the Generate Metadata section, select the provider type and the protocol of the metadata to be generated, and click Generate.

   d. Save the generated metadata.

   e. Distribute the generated metadata to all remote peer providers.

3. Once all remote peers have updated their systems with the new metadata, delete the old wallet.

   a. Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.

   b. Navigate to Administration, then Security and Trust.

   c. In the Wallets tab, click Update.

   d. In the wallet that you have updated, click Delete old Wallet.
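Before distributing the metadata saved in step 2, it is worth confirming that it really publishes both the old and the new certificate for the wallet being rolled. The script below is an added example, not Oracle's code; it assumes the generated metadata is SAML 2.0 metadata, and the entity ID and certificate bytes in the sample are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def key_fingerprints(metadata_xml):
    """Map each KeyDescriptor use ('signing', 'encryption') to the set of
    SHA-256 fingerprints of the certificates published for it."""
    found = {"signing": set(), "encryption": set()}
    root = ET.fromstring(metadata_xml)  # input: locally generated metadata file
    for kd in root.iter("{%s}KeyDescriptor" % NS["md"]):
        use = kd.get("use")
        # A KeyDescriptor without a 'use' attribute applies to both purposes.
        uses = [use] if use else ["signing", "encryption"]
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fp = hashlib.sha256(der).hexdigest()
            for u in uses:
                found.setdefault(u, set()).add(fp)
    return found

def rollover_ready(metadata_xml, use, old_der, new_der):
    """True only if both the old and the new certificate are published for 'use'."""
    fps = key_fingerprints(metadata_xml).get(use, set())
    return {hashlib.sha256(old_der).hexdigest(),
            hashlib.sha256(new_der).hexdigest()} <= fps

# Constructed sample: placeholder bytes stand in for DER-encoded certificates.
OLD_DER, NEW_DER = b"constructed-old-cert", b"constructed-new-cert"
def _kd(use, der):
    return ('<md:KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data>'
            '<ds:X509Certificate>%s</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            % (use, base64.b64encode(der).decode()))
SAMPLE = ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" '
          'entityID="https://idp.example.test/fed/idp">'
          '<md:IDPSSODescriptor protocolSupportEnumeration='
          '"urn:oasis:names:tc:SAML:2.0:protocol">%s%s%s'
          '</md:IDPSSODescriptor></md:EntityDescriptor>'
          % (NS["md"], NS["ds"], _kd("signing", OLD_DER),
             _kd("signing", NEW_DER), _kd("encryption", OLD_DER)))

if __name__ == "__main__":
    print("signing ready:", rollover_ready(SAMPLE, "signing", OLD_DER, NEW_DER))
    print("encryption ready:", rollover_ready(SAMPLE, "encryption", OLD_DER, NEW_DER))
```

In the constructed sample only the signing wallet has been updated, so the signing check passes and the encryption check does not.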
