Previous Topic: Signature Configuration at a SAML 1.1 Producer

Next Topic: Signature and Encryption Tasks at a SAML 2.0 IdP

Federation Manager GuideFederation PartnershipsSign and Encrypt Federation MessagesSignature Configuration at the SAML 1.1 Consumer

Signature Configuration at the SAML 1.1 Consumer

In the Signature step, define how Federation Manager uses private keys and certificates to verify SAML assertions and assertion responses.

Note: SAML 1.1 does not support encryption.

The certificate data store holds multiple private keys and certificates. If you have multiple federated partners, you can use a different key pair for each partner.

Note: For a Federation Manager system operating in FIPS_COMPAT or FIPS_MIGRATE mode, all certificate and key entries are available from pull-down lists. If your system is operating in FIPS-Only mode, only FIPS-approved certificate and key entries are available.

Follow these steps:

  1. Begin by selecting the Signature step in the Partnership wizard.
  2. Select an alias for the Verification Certificate Alias field.

    By completing this field, you are indicating which certificate verifies signed assertions or responses or both. If there is no certificate in the database, click Import to import one or click Generate to create a certificate request.

Note: In a test environment, disable signature processing to simplify testing. Click the Disable Signature Processing check box.

Signature configuration at the SAML 1.1 consumer is complete.