Signature Configuration at the SAML 1.1 Consumer

The Signature step in the Partnership wizard lets you define how Federation Manager uses private keys and certificates to verify SAML assertions and assertion responses for the Artifact and POST profiles.

Note: SAML 1.1 does not support encryption.

There can be multiple private keys and certificates in the key database. If you have multiple federated partners, you can use a different key pair for each partner.

Note: For a Federation Manager system operating in FIPS_COMPAT or FIPS_MIGRATE mode, all FIPS and non-FIPS certificate and key entries in the key database are available in the respective pull-down lists. If your Federation Manager system is operating in FIPS-Only mode, only FIPS-approved certificate and key entries are available.

To configure verification options at the consumer

  1. Begin by selecting the Signature step in the Partnership wizard.
  2. Select an alias from the key database for the Verification Certificate Alias field.

    By completing this field, you are indicating which certificate verifies signed assertions and/or responses. If there is no certificate in the database, click Import to import one or click Generate to create a certificate request.

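Note: If you are using Federation Manager in a test environment, you may want to disable signature processing to simplify testing. To do so, select the Disable Signature Processing check box. With signature processing disabled, signatures on assertions and responses are not verified, so use this setting only for testing.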

Signature configuration at the SAML 1.1 consumer is complete.


Copyright © 2010 CA. All rights reserved.