How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure AM 6.x to use a Hardware Security Module (HSM) for signing SAML assertions?

Last updated Aug 18, 2022

This article explains how to configure AM to use a Hardware Security Module (HSM) for signing SAML assertions, where the SAML keys are stored in a PKCS11 keystore. By default, AM uses a JCEKS or JKS keystore (depending on AM version). HSM protection applies to signing keys only: symmetric keys used for SAML2 encryption are not generated or stored on the HSM.



Copyright © ForgeRock, all rights reserved.