Federation Manager Guide › Federation Partnerships › Assertion Security with Digital Signatures and Encryption › Signature Configuration at a SAML 1.1 Producer

Signature Configuration at a SAML 1.1 Producer

The Signature step in the Partnership wizard lets you define how Federation Manager uses private keys and certificates to sign and verify SAML assertions and assertion responses for Artifact and POST profile.

Note: SAML 1.1 does not support encryption.

There can be multiple private keys and certificates in the key database. If you have multiple federated partners, you can use a different key pair for each partner.

Note: For a Federation Manager system operating in FIPS_COMPAT or FIPS_MIGRATE mode, all FIPS and non-FIPS certificate and key entries in the key database are available in the respective pull-down lists. If your Federation Manager system is operating in FIPS-Only mode, only FIPS-approved certificate and key entries are available.

To configure signing options at the producer

1. Begin by selecting the Signature step in the Partnership wizard.

   Note: You can click Help for a description of fields, controls, and their respective requirements.

2. In the Signature group box, select an alias from the pull-down list for the Signing Private Key Alias field.

   If there is no private key in the database, click Import to import a key or click Generate to create a certificate request.

   By completing this field, you are indicating which private key the asserting party uses to sign assertions and responses.

3. For the Artifact and Post signature options, select the specific components (assertion, response) that you want signed.

Note: If you are using Federation Manager in a test environment, you can disable signature processing to simplify testing. Click the Disable Signature Processing checkbox to accomplish this.

Signature configuration at the SAML 1.1 producer is complete.