Hi all,
I was obliged to debug keyshield SSO (version 7.1.0) with Vibe 4.0.3P1. Here is some additional steps not documented.
Vibe talks in https with keyshield server, through an integrated keyshield agent. You can configure this agent as documented.
Access to API requires HTTPs so certificate. Therefore you need to add the certificate to the integrated keyshield agent.
Here is the different steps i followed. If you miss one of these steps, you have an error message (here attached).
Click image for larger version. 

Name:	Vibe_error_message.JPG 
Views:	37 
Size:	24.8 KB 
ID:	5988
a) according to the documentation you need to save the certificate (see file attached) from keyshieldName:  Keyshield_certif_export.JPG
Views: 66
Size:  37.3 KB
b) Recognize where is the keystore in Vibe/tomcat. You can find it int he installer.xml file. Most of the time the keystore is: .../config/apache-tomcat/conf/.keystore

c) import the certificate in a) inside the keystore, using a command like:
/usr/java/latest/jre/bin/keytool -importcert -keystore <keystore path in b)> -alias keyshieldcertif -file <certificate file exported from Keyshield>

d) Modify the file: .../config/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf.properties, to include line like:
# File system path to the trust store containing KeyShield server certificate.
# There is no default value.
keyshield.sso.server.certificate.truststore.path = <full path to keystore file in b)>

e) Restart Vibe (so Tomcat)

Point d) is missing from the documentation...
For those who are interested ...