Configure SAML Tokens

On successful authentication, CA AuthMinder returns an authentication token. CA AuthMinder supports several types of authentication tokens, and Security Assertion Markup Language (SAML) tokens are one of them (in addition to the Native, OTT, and Custom token types).

Follow these steps:

  1. Click the Services and Server Configurations tab on the main menu.
  2. Verify that the CA Strong Authentication tab in the submenu is active.
  3. Under SAML, click the SAML Token Configuration link to display the SAML Token Configuration page.
  4. Select one of the following options for storing the SAML signing keys:
  5. Select the SAML Signing Key in HSM option to store the keys that are used for signing SAML assertions in a Hardware Security Module (HSM). Otherwise, the keys are stored in the database.
  6. (HSM Only) Click Browse against the SAML Signing Certificate Chain (in PEM Format) field to upload the certificate that is used by the CA AuthMinder Server to issue the SAML token.
  7. Click Browse against the P12 File Containing SAML Signing Key Pair field to upload the PKCS#12 file containing the certificate that is used by the CA AuthMinder Server to issue the SAML token.
  8. Enter the password for the PKCS#12 file in the P12 File Password field.
  9. In the Digest Method field, specify the algorithm (such as SHA1, SHA256, SHA384, SHA512, or RIPEMD 160) to use for hashing the SAML tokens.
  10. Enter the name of the Issuer that provides the SAML token generated by CA AuthMinder.

    For example, if company XYZ is using CA AuthMinder to generate SAML tokens, then you can enter XYZ in this field.

  11. In the Subject Format Specifier (SAML 1.1) field, specify the format of the SAML subject for SAML 1.1.
  12. In the Subject Format Specifier (SAML 2.0) field, specify the format of the SAML subject for SAML 2.0.
  13. Enable the Single-Use Token option, if you want the SAML token to be used only once for authentication.
  14. In the Token Validity (in Seconds) field, enter the number of seconds after which the SAML token expires and can no longer be used.
  15. If required, set the additional attributes for SAML token generation in the Additional Token Attributes section.

    Click Add More to add more attributes, if needed.

  16. In the Audience section and table, enter the details of the audience who can use the SAML token.

    Click Add More if you want to add more audiences.

  17. Click Save to save the SAML token configuration.
  18. Refresh all deployed CA AuthMinder Server instances. See Refresh a Server Instance for instructions about the procedure.
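The Issuer, Subject Format Specifier, Single-Use Token, Token Validity, Digest Method and Audience settings above all surface as elements of the assertion that a relying party must check before trusting it. The following is an added example of those consumer-side checks; it is not CA AuthMinder code, the assertion it parses is constructed, and the element and attribute names follow the SAML 2.0 core schema. It assumes the XML signature has already been verified with an XML-DSig library (not shown here) and only inspects the DigestMethod to enforce an allowed-algorithm policy.

```python
"""Relying-party checks matching the SAML Token Configuration fields:
Issuer, Audience, Token Validity (NotOnOrAfter), Single-Use Token (replay
cache keyed by assertion ID), Subject Format Specifier (NameID Format) and
Digest Method. Added example, not CA AuthMinder code."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# XML-DSig digest algorithm URIs for the methods the configuration page offers.
DIGEST_URIS = {
    "SHA1": "http://www.w3.org/2000/09/xmldsig#sha1",
    "SHA256": "http://www.w3.org/2001/04/xmlenc#sha256",
    "SHA384": "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "SHA512": "http://www.w3.org/2001/04/xmlenc#sha512",
    "RIPEMD160": "http://www.w3.org/2001/04/xmlenc#ripemd160",
}

# Constructed sample assertion (not a real token). The ds:Signature element is
# reduced to its DigestMethod; a real token carries the full signature, which
# must be verified with an XML-DSig library before these checks run.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_example-assertion-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>XYZ</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_example-assertion-1">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  </ds:Reference></ds:SignedInfo></ds:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://app.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _parse_time(value):
    """Parse the UTC timestamp form used in SAML Conditions attributes."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, expected_issuer, expected_audience, now, seen_ids,
                       allowed_digests=("SHA256", "SHA384", "SHA512"),
                       expected_name_id_format=None):
    """Return a list of failure reasons; an empty list means the assertion is acceptable.

    seen_ids is the relying party's replay cache. The assertion ID is recorded only
    when every other check passes, which is what the Single-Use Token option relies on.
    """
    failures = []
    root = ET.fromstring(xml_text)

    # Issuer must be the value configured on the SAML Token Configuration page.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        failures.append("unexpected issuer %r" % issuer)

    # Token Validity: NotOnOrAfter is mandatory for a bounded lifetime; NotBefore is honoured if present.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        failures.append("missing Conditions")
    else:
        not_before = cond.get("NotBefore")
        not_on_or_after = cond.get("NotOnOrAfter")
        if not_before and now < _parse_time(not_before):
            failures.append("assertion not yet valid")
        if not_on_or_after is None or now >= _parse_time(not_on_or_after):
            failures.append("assertion expired or has no NotOnOrAfter")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if expected_audience not in audiences:
            failures.append("audience %r not in %r" % (expected_audience, audiences))

    # Subject Format Specifier: enforce the NameID format the relying party expects.
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if expected_name_id_format and (name_id is None or name_id.get("Format") != expected_name_id_format):
        failures.append("unexpected NameID format")

    # Digest Method: accept only the configured algorithms (SHA1 is excluded by default).
    allowed_uris = {DIGEST_URIS[name] for name in allowed_digests}
    digest = root.find(".//ds:DigestMethod", NS)
    if digest is None or digest.get("Algorithm") not in allowed_uris:
        failures.append("digest method not allowed")

    # Single-Use Token: reject an assertion ID that has already been accepted.
    assertion_id = root.get("ID")
    if not assertion_id:
        failures.append("missing assertion ID")
    elif assertion_id in seen_ids:
        failures.append("assertion ID already used")

    if not failures:
        seen_ids.add(assertion_id)
    return failures


if __name__ == "__main__":
    cache = set()
    at = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    print(validate_assertion(SAMPLE_ASSERTION, "XYZ", "https://app.example.com", at, cache))
    print(validate_assertion(SAMPLE_ASSERTION, "XYZ", "https://app.example.com", at, cache))
```

The replay cache only needs to retain IDs for as long as the configured Token Validity, since an expired assertion is rejected by the NotOnOrAfter check anyway; keeping the cache bounded that way is what makes the Single-Use Token option practical at scale.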