
Enable Signature Processing

In SAML 2.0 single sign-on over the HTTP POST binding, the identity provider must digitally sign the assertions it issues. Signing and verification use a private key/certificate pair: the IdP signs with the private key, and the service provider verifies with the corresponding public key, which it holds in the form of the IdP's certificate.

Before any single sign-on transaction takes place, an administrator at IdP1 sends a file containing certificate data to SP1. This file holds the certificate (public key) that corresponds to the private key IdP1 uses to sign assertions. An administrator at SP1 adds the certificate to the SP1 certificate data store, associated with IdP1. Because this certificate is the only trust anchor SP1 has for IdP1's signatures, the file should be exchanged out of band and its authenticity confirmed before it is imported.

When a single sign-on transaction occurs, IdP1 signs the assertion with its private key. SP1 receives the assertion and verifies the signature using the IdP1 certificate held in its certificate data store, not any certificate carried inside the message itself. An assertion whose signature does not verify against the stored certificate is rejected.
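The trust relationship described above, as an added example that is not part of the original documentation or of the product it describes. It models IdP1 and SP1 in Go using only the standard library: the IdP generates its key pair and a self-signed certificate, exports the certificate as a PEM file, signs an assertion with the private key, and the SP verifies that signature only against the certificate it previously stored for the issuer's entity ID. The entity IDs, the assertion text and the use of a self-signed certificate are assumptions for illustration; a real deployment signs the XML with an enveloped XML Signature rather than a raw RSA signature over the bytes, which this example does not implement.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// IdP holds the signing key pair. Only the certificate ever leaves this site.
type IdP struct {
	EntityID string
	key      *rsa.PrivateKey
	certDER  []byte
}

// NewIdP generates an RSA key and a self-signed certificate for it (assumed
// for the example; a production IdP would typically use a CA-issued certificate).
func NewIdP(entityID string) (*IdP, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: entityID},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &IdP{EntityID: entityID, key: key, certDER: der}, nil
}

// ExportCertPEM produces the certificate file the IdP administrator hands to the SP out of band.
func (i *IdP) ExportCertPEM() []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: i.certDER})
}

// SignAssertion signs the serialized assertion with the IdP private key (RSA PKCS#1 v1.5 over SHA-256).
func (i *IdP) SignAssertion(assertion []byte) ([]byte, error) {
	digest := sha256.Sum256(assertion)
	return rsa.SignPKCS1v15(rand.Reader, i.key, crypto.SHA256, digest[:])
}

// SP keeps a certificate data store keyed by the issuing IdP's entity ID.
type SP struct {
	certStore map[string]*x509.Certificate
}

func NewSP() *SP { return &SP{certStore: map[string]*x509.Certificate{}} }

// AddCertificate parses the PEM file received from the IdP administrator and binds it to that IdP.
func (s *SP) AddCertificate(entityID string, certPEM []byte) error {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return errors.New("no CERTIFICATE block in file")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("certificate is not marked for digital signature")
	}
	s.certStore[entityID] = cert
	return nil
}

// VerifyAssertion checks the signature only against the certificate stored for the claimed
// issuer; a certificate carried inside the message would never be consulted.
func (s *SP) VerifyAssertion(issuer string, assertion, sig []byte) error {
	cert, ok := s.certStore[issuer]
	if !ok {
		return fmt.Errorf("no certificate on file for issuer %q", issuer)
	}
	now := time.Now()
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("issuer certificate expired or not yet valid")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("issuer certificate does not hold an RSA key")
	}
	digest := sha256.Sum256(assertion)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	idp1, _ := NewIdP("https://idp1.example.com") // assumed entity ID
	sp1 := NewSP()
	if err := sp1.AddCertificate(idp1.EntityID, idp1.ExportCertPEM()); err != nil {
		panic(err)
	}
	assertion := []byte(`<saml:Assertion ID="_a1">user=alice</saml:Assertion>`) // constructed sample
	sig, _ := idp1.SignAssertion(assertion)
	fmt.Println("genuine assertion:", sp1.VerifyAssertion(idp1.EntityID, assertion, sig))
	tampered := []byte(`<saml:Assertion ID="_a1">user=admin</saml:Assertion>`)
	fmt.Println("tampered assertion:", sp1.VerifyAssertion(idp1.EntityID, tampered, sig))
}
```

The store is keyed by entity ID so that a signature from a different key, even one presented with a valid-looking certificate of its own, fails verification unless that certificate was imported by the SP1 administrator beforehand.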

The following procedures explain how to set up signing at each site.