
Enable Signature Processing

Digitally signing assertions is required for SAML 2.0 POST single sign-on: the HTTP-POST binding carries the assertion through the user's browser, so the SP can only trust it if the signature verifies. Signing and verification use a private key/certificate pair: the IdP signs with the private key, and the SP verifies with the certificate that holds the matching public key.

Before any runtime action such as signing an assertion takes place, an administrator at IdP1 sends SP1 a file containing the certificate (public key) that corresponds to the private key IdP1 will use to sign assertions. An administrator at SP1 adds that certificate to the SP1 key database. Because SP1 will accept any assertion whose signature verifies against this certificate, the file must be obtained through a channel SP1 trusts and checked to be the certificate IdP1 actually issued.

Note: If you add a new certificate to the key database or update an existing certificate, restart the Federation Manager services to see the change immediately. If you do not restart the services, it takes some time before the policy engine and the key database synchronize.

When the single sign-on transaction occurs, IdP1 signs the assertion with its private key. SP1 receives the assertion and verifies the assertion signature using the certificate in its key database.
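The setup step (IdP1 hands its certificate to SP1, SP1 stores it in a key database) and the runtime step (IdP1 signs, SP1 verifies with the stored certificate) as an added example; this is not code from the CA documentation or from Federation Manager. Federation Manager places an XML Digital Signature inside the assertion; the Go program below, written for illustration, uses a detached RSA/SHA-256 signature over the serialized assertion text so the key roles can be shown with the standard library alone. The issuer name "IdP1", the self-signed certificate, the assertion text and the `spKeyDatabase` map are all constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Constructed stand-in for the assertion IdP1 issues; not a real Federation Manager message.
const sampleAssertion = `<saml:Assertion ID="_a1"><saml:Issuer>IdP1</saml:Issuer><saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>`

// newIdPSigner generates IdP1's signing key and a self-signed certificate for it (self-signed is an
// assumption of this example; a deployment would normally use a CA-issued certificate).
// The returned PEM bytes are the file the IdP1 administrator sends to SP1.
func newIdPSigner() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "IdP1 assertion signing"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	return priv, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// signAssertion is the IdP-side runtime step: RSA PKCS#1 v1.5 over the SHA-256 digest of the assertion.
func signAssertion(priv *rsa.PrivateKey, assertion []byte) ([]byte, error) {
	digest := sha256.Sum256(assertion)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// spKeyDatabase models SP1's key database: one trusted certificate per issuer.
type spKeyDatabase map[string]*x509.Certificate

// addCertificate is the SP-side setup step: parse the PEM file received from IdP1 and store it.
func (db spKeyDatabase) addCertificate(issuer string, certPEM []byte) error {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return errors.New("file is not a PEM-encoded certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	db[issuer] = cert
	return nil
}

// verifyAssertion is the SP-side runtime step: look up the issuer's certificate and check the signature with its public key.
func (db spKeyDatabase) verifyAssertion(issuer string, assertion, sig []byte) error {
	cert, ok := db[issuer]
	if !ok {
		return fmt.Errorf("no certificate for issuer %q in key database", issuer)
	}
	return cert.CheckSignature(x509.SHA256WithRSA, assertion, sig)
}

// runExchange walks through setup and runtime for IdP1 and SP1 and reports whether the genuine
// assertion verified and whether a tampered copy (NameID changed) was rejected.
func runExchange() (genuineOK, tamperedRejected bool, err error) {
	priv, certPEM, err := newIdPSigner()
	if err != nil {
		return false, false, err
	}
	db := spKeyDatabase{}
	if err = db.addCertificate("IdP1", certPEM); err != nil { // setup: SP1 imports the certificate
		return false, false, err
	}
	sig, err := signAssertion(priv, []byte(sampleAssertion)) // runtime: IdP1 signs
	if err != nil {
		return false, false, err
	}
	genuineOK = db.verifyAssertion("IdP1", []byte(sampleAssertion), sig) == nil
	tampered := []byte(strings.Replace(sampleAssertion, "alice", "mallory", 1))
	tamperedRejected = db.verifyAssertion("IdP1", tampered, sig) != nil
	return genuineOK, tamperedRejected, nil
}

func main() {
	ok, rejected, err := runExchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine verified: %v, tampered rejected: %v\n", ok, rejected)
}
```

Running `go run` on this file prints `genuine verified: true, tampered rejected: true`: the SP accepts the assertion exactly as IdP1 signed it and rejects a copy whose NameID was altered in transit, which is the property the POST binding depends on. A real XML-DSig verifier additionally canonicalizes the XML and checks the reference digests before the signature value, so the bytes it signs are not the raw serialization used here.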

The following procedures for setting up signing are organized by the configuration steps required at each site.


Copyright © 2010 CA. All rights reserved.