How to self sign OpenSAML assertion for the version SAML 2.0 using java?

Question

I can able to create a assertion using OpenSAML but I want to sign it. Signing can be done in two ways: 1. Self sign
2. Using third party (verisign etc.,)

What are the steps to self sign the assertion using OpenSAML?

Answer 1

To self sign the assertion you need jks file. Here are the instructions to create a jks file:

1. Open the command console on whatever operating system you are using and navigate to the directory where keytool.exe is located (usually where the JRE is located, e.g. c:\Program Files\Java\jre6\bin on Windows machines).
2. Run the following command (where validity is the number of days before the certificate will expire): keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
3. Fill in the prompts for your organization information. When it asks for your first and last name, enter the domain name of the server that users will be entering to connect to your application (e.g. www.google.com)

Use that jks file to self sign the assertion. For self signing you can use the example in the following link

Answer 2

Googling for opensaml, java, sign assertion gives complete code examples of the signing part. Use openssl or keytool to generate a keypair and certificate.