Signature Configuration at a SAML 1.1 Producer

In the Signature step, define how Federation Manager uses private keys and certificates to verify SAML assertions and assertion responses.

Note: SAML 1.1 does not support encryption.

The certificate data store holds multiple private keys and certificates. If you have multiple federated partners, you can use a different key pair for each partner.

Note: For a Federation Manager system operating in FIPS_COMPAT or FIPS_MIGRATE mode, all certificate and key entries are available from pull-down lists. If your system is operating in FIPS-Only mode, only FIPS-approved certificate and key entries are available.

Follow these steps:

  1. Select the Signature step in the Partnership wizard.

    Note: Click Help for a description of fields, controls, and their respective requirements.

  2. In the Signature section, select an alias for the Signing Private Key Alias field.

    If there is no private key in the certificate data store, import a key or generate a certificate request.

    By completing this field, you are indicating which private key the asserting party uses to sign assertions and responses.

  3. For the Artifact and Post signature options, select the specific components (assertion, response) that you want signed.

Note: In a test environment, you can select the Disable Signature Processing check box to simplify testing.

Signature configuration at the SAML 1.1 producer is complete.
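One way to confirm, from a captured producer response, which components were signed according to the assertion/response selection in step 3. This is an added example, not part of the product documentation. The sample message is constructed, and the check is structural only: it does not validate the signature cryptographically.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

# SAML 1.1 reuses the SAML 1.0 namespace URIs.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _signed_own_id(elem, id_attr):
    """True only if elem has a direct-child ds:Signature whose Reference
    points at elem's own ID, so a signature elsewhere is not counted."""
    sig = elem.find("ds:Signature", NS)
    if sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    own_id = elem.get(id_attr)
    return ref is not None and own_id is not None and ref.get("URI") == "#" + own_id

def signed_components(xml_text):
    """Report whether the Response and each Assertion carry their own signature."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 1.1 samlp:Response")
    return {
        "response": _signed_own_id(root, "ResponseID"),
        "assertions": [_signed_own_id(a, "AssertionID")
                       for a in root.findall("saml:Assertion", NS)],
    }

# Constructed sample: the assertion is signed, the response is not.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ResponseID="_r1" MajorVersion="1" MinorVersion="1">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion AssertionID="_a1" MajorVersion="1" MinorVersion="1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(signed_components(SAMPLE))
```

A result showing no signed component in a message from a production partnership is a sign that Disable Signature Processing was left selected.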