
Configure Signature Processing at the SP

SP1 must verify the signature on each assertion it receives. Before any transaction, SP1 needs the certificate (public key) from IdP1 that corresponds to the private key IdP1 uses to sign assertions.

This certificate must be imported into the SP1 certificate data store.
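A pre-import check worth doing at the SP, added here as an example and not part of the product documentation: confirm that the certificate file you are about to import as the Verification Certificate is the one IdP1 publishes as its signing certificate in its SAML metadata, by comparing SHA-256 fingerprints. The metadata document, the entityID and the certificate bytes below are constructed placeholders, and the function names are the example's own.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Added example, not part of the product documentation: compares the certificate
# you are about to import as the Verification Certificate with the signing
# certificate(s) the IdP publishes in its SAML metadata, by SHA-256 fingerprint.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and whitespace, then base64-decode the body."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    return base64.b64decode("".join(body.split()))

def signing_cert_fingerprints(metadata_xml: str) -> list:
    """Fingerprints of the IdP's signing certificates. A KeyDescriptor with no
    'use' attribute may be used for signing, so it is included as well."""
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only certificates do not verify assertions
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            found.append(fingerprint(base64.b64decode("".join(cert.text.split()))))
    return found

def cert_matches_idp_metadata(cert_pem: str, metadata_xml: str) -> bool:
    """True if the certificate file is one the IdP publishes for signing."""
    return fingerprint(pem_to_der(cert_pem)) in signing_cert_fingerprints(metadata_xml)

# Constructed sample input: placeholder bytes stand in for real DER certificates.
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a real X.509 cert").decode()
SAMPLE_CERT_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp1.example.com/placeholder"><md:IDPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{base64.b64encode(b'other cert').decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>"""
```

Run it against the real IdP metadata and the file you select in the import wizard; a mismatch means the SP would trust a certificate that cannot verify IdP1's signatures.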

Follow these steps:

  1. From the Federation Manager UI, click the Federation tab and select Partnerships.

    The View Federation Partnerships window displays.

  2. Select Action, Deactivate next to the entry for DemoPartnership.

    Deactivate a partnership before editing it.

  3. Click Action, Modify next to the entry for DemoPartnership.

    The dialog for the first step of the Partnership wizard opens.

  4. Click the Signature and Encryption step in the Partnership wizard.
  5. In the Signature group box:
    1. Deselect Disable Signature Processing.
    2. Click Import next to the Verification Certificate Alias field.

      The Import Certificate/Private Key window opens.

  6. Complete the import wizard as follows:
    1. Select the file from where you are importing the certificate.
    2. Select the certificate entry from the file that you want to import and enter a value for the Alias, such as cert1.
    3. Confirm the selection and click Finish.

    You return to the View Federation Partnerships window.

  7. Select Action, Modify for the partnership entry.
  8. Go to the Signature and Encryption step. In the dialog, the key/certificate that you imported is now available from the Signing Private Key Alias drop-down list.
  9. Select the alias for the certificate (cert1) and click Next.
  10. Review the settings in the Confirm dialog and click Finish.

    You return to the View Federation Partnerships window.

  11. Reactivate the partnership by selecting Action, Activate next to the DemoPartnership entry in the Federation Partnership List.
  12. Restart the federation services according to your operating environment.

    Restarting federation services makes the system aware of the changes to signing.

Signature verification is now configured at the SP.