We would like to enable SSO between two servers. The producer side uses this code:
I need to implement the consumer side. The producer gave me the url to his server and asked me to append to the url two parameters: The message and the signature. Can someone please help/explain me how to create those?
Even though loading the private key from from file works, the preferred way is to keep it securely stored in a java KeyStore. Check out more about it at java.sun.com
Your question is little bit confusing and not clear as to what is that you want to do. I'm answering with my best understanding of the question.
Signing a piece of text (could be anything, like just a user id, or user id with url, etc), is two step process.
1. Create a message digest out of the text 2. Encrypt the message digest using the private key, which produces Signature.
Once signature is created, it should not be altered in anyway otherwise signature would be broken and consumer would not be able to validate it.
So in your case, if the consuming party requesting you to add the url, change your generateMessage() method to add the url parameter and sign that generated message. [ July 03, 2008: Message edited by: Santhosh Kumar ]
Joined: Oct 17, 2006
So in your case, if the consuming party requesting you to add the url, change your generateMessage() method to add the url parameter and sign that generated message.
Can you please provide me with a general code example for this?
Joined: Nov 07, 2000
I'm not sure if this is what you meant to ask as an example nevertheless I just modified your original code to add the url.