Omni Governance Console Administration User's Guide > Configuring Single Sign-On > Special Algorithms (Optional)

Special Algorithms (Optional)

If the use of special blocking and signing algorithms is required (for example, to support a change of the signing algorithm to RSA with SHA256, and support AES-256 blocking algorithm), then perform the following steps to add the Java Cryptography Extensions local_policy.jar and US_export_policy.war.

Note: If Java version 1.8 is being used, then skip to step 4.

  1. In your Java installation (\jre\lib\security directory) and in all of the Java installations in use by Omni Governance Console (OGC), SiteMinder Identity Provider (IdP), and the SiteMinder Policy Server (they are most likely already in Java used by the Identity Provider and the Identity Provider's Policy Server):
    1. Rename the original local_policy.jar file to:
      local_policy_orig_jar.out
    2. Rename the original US_export_policy.jar file to:
      US_export_policy_orig_jar.out
  2. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (local_policy.jar and US_export_policy.jar) directly from the Oracle website, and store them in the following directory of your Java installation:
    \jre\lib\security

    For example, you should have a \security subfolder that is structured as shown in the following image.

  3. For Java version 1.8, uncomment the crypto.policy setting, which is located in \java\jdk1.8.0_181\jre\lib\security\java.security, as shown in the following image.
  4. Issue a request for the SiteMinder IdP administrator to reconfigure the partnership with the required algorithms, as shown in the following image.

    No additional changes to OGC properties or to the generated certificates are required.