stskeyutil create
[ -overwrite
| -header head | -user usr | -roles roles | -domain name | -expires n ] [common-options]
-overwrite
Overwrite and existing key file. By default, an existing key file is not overwritten.
-url url
This is one of the common options that specifies the OpenEdge Authentication Gateway server's URL into the key. If not specified, no URL is written to the key. This does not affect the ability to use the key.
-header head
Specify a client STS Client Key in head to send to the to Authentication Gateway Server in the header. If not specified, the client uses the default header name (x-oests-token).
-user usr
Specify the Client-Prinicipal user-id in usr. If not specified, the default user-id is oeclient.
-roles roles
Assign roles for authorization to the OpenEdge STS resources. If not specified, the default role is OESTSClient.
-expires n
The amount of time before the key expires. Specify the number of days in n.
The stskeyutil create utility generates a sealed key file containing a sealed OpenEdge Client-Principal, using an administrator-supplied Domain access code. The Client-Principal field contents generated for the STS Server Key is not controllable by the administrator.
Note: When the OpenEdge STS server is running in a clustered environment, the administrator does not need to create an STS Server Key for each node. Assuming all nodes in the cluster share the same OpenEdge STS Server configuration, they share the STS Server Key. Note that when installing the STS Client Key, you can specify a different node name via the -node parameter.
