To verify signed assertions, you must import certificates if the metadata includes them.
Note: If the metadata does not include certificates, disregard this step.
To import certificates for an entity
If you choose a certificate file with expired entries or entries that are not yet valid, the next dialog that the UI displays contains a section listing the expired entries. You cannot select these expired entries. They are displayed for your reference. If all entries in the file are invalid, the import wizard skips the certificate selection step and displays a message indicating that there are no valid entries.
The Confirm dialog displays a table of entries.
You may choose two entries from a metadata file that have the same certificate. For SAML 1.1 metadata, every entry shows Signing as the usage for the certificate because SAML 1.1 does not encrypt data.
For SAML 2.0, each entry may show a different usage for the certificate, for example, one for signing, one for encryption. When you get to the Confirm step, the window shows a table with a single certificate entry whose usage is listed as Signing and Encryption. This entry is the combination of the two entries you chose previously. This entry will also use the first alias you specified for the certificate entry you selected.
This situation occurs only if the same certificate was listed in the metadata file for both uses. If the file contains two separate certificates, the confirmation step shows both entries in the table.
For example, you select two entries from the metadata file and you do not realize they are the same certificate. The first entry's usage is Signing and you assign it the alias cert1. The second entry's usage is Encryption and you assign it the alias cert2. When you confirm the import, you see a table titled Selected Certificate Data with an entry similar to the following:
| Alias | Issued To | Usage                  |
|-------|-----------|------------------------|
| cert1 | Jane Doe  | Signing and Encryption |
If no usage is specified in the metadata file, then the usage defaults to Signing and Encryption.
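The merging behaviour described above, as an added example that is not CA's code: a Python routine that reads the KeyDescriptor elements of SAML 2.0 metadata, identifies each certificate by its DER bytes, combines the usages of a certificate listed twice, keeps the first alias assigned to it, and defaults to both usages when no use attribute is present. The sample metadata and its base64 values are constructed placeholders, and the Issued To column is omitted because reading the subject needs an X.509 parser.

```python
# Added example (not CA's code): merge KeyDescriptor entries the way the
# Confirm dialog does: one row per distinct certificate, usages combined.
import base64
import hashlib
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample metadata. The base64 values are placeholders standing in
# for DER certificates; the same value listed twice models the same certificate.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://idp.example.test">
  <md:IDPSSODescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>QUFB</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>QUFB</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>QkJC</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q0ND</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def usage_label(usages):
    """Render a usage set the way the Selected Certificate Data table does."""
    if usages == {"signing", "encryption"}:
        return "Signing and Encryption"
    return "Signing" if "signing" in usages else "Encryption"


def merge_key_descriptors(metadata_xml, aliases):
    """Return (alias, sha256_fingerprint, usage) rows for the Confirm table.
    aliases[i] is the alias assigned to the i-th KeyDescriptor in document
    order, matching how the wizard asks for one alias per selected entry."""
    root = ET.fromstring(metadata_xml)
    rows, order = {}, []  # fingerprint -> {"alias", "usages"}; first-seen order
    for i, kd in enumerate(root.iter(f"{{{MD_NS}}}KeyDescriptor")):
        cert_b64 = kd.find(f".//{{{DS_NS}}}X509Certificate").text
        der = base64.b64decode("".join(cert_b64.split()))
        fp = hashlib.sha256(der).hexdigest()  # identity is the certificate bytes
        use = kd.get("use")
        usages = {use} if use else {"signing", "encryption"}  # no use= means both
        if fp not in rows:  # the first occurrence keeps its alias
            rows[fp] = {"alias": aliases[i], "usages": set()}
            order.append(fp)
        rows[fp]["usages"] |= usages
    return [(rows[f]["alias"], f, usage_label(rows[f]["usages"])) for f in order]
```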
Copyright © 2010 CA. All rights reserved.