Configure Signature Processing at the SP
SP1 is required to verify the signature of an assertion. Prior to a transaction, SP1 should have received the certificate (public key) from IdP1. This is the certificate associated with the private key IdP1 is using to sign the assertion.
This certificate must be imported into SP1's key database.
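Once imported, this certificate is what SP1 relies on to verify assertions from IdP1, so it is worth confirming that the file is the certificate IdP1 sent before importing it. The script that follows is an added example, not part of the Federation Manager product or its documentation. It assumes a PEM file, a SHA-256 fingerprint supplied by IdP1 over a separate channel, and an installed `openssl` command; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not product code): check a partner certificate before import.
# Assumes a PEM file and a SHA-256 fingerprint received out of band from IdP1.

# Reduce "sha256 Fingerprint=AA:BB..." or "aa:bb..." to bare upper-case hex.
norm_fp() {
  printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# cert_fingerprint FILE: print the certificate's SHA-256 fingerprint,
# or nothing if FILE is not a readable X.509 certificate.
cert_fingerprint() {
  norm_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null)"
}

# check_idp_cert FILE EXPECTED_FP [MIN_DAYS]
# 0 = safe to import, 1 = not a certificate, 2 = fingerprint mismatch,
# 3 = expires within MIN_DAYS (default 30).
check_idp_cert() {
  local file=$1 min_days=${3:-30} expected actual
  expected=$(norm_fp "$2")
  actual=$(cert_fingerprint "$file")
  [ -n "$actual" ] || return 1
  [ "$actual" = "$expected" ] || return 2
  openssl x509 -in "$file" -noout -checkend $((min_days * 86400)) \
    >/dev/null 2>&1 || return 3
  # Show what is about to be trusted so the operator can review it.
  openssl x509 -in "$file" -noout -subject -issuer -dates
}

# Constructed sample input: a throwaway self-signed certificate that stands
# in for the file received from IdP1. make_sample_cert OUTFILE DAYS
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
    -days "$2" -subj "/CN=IdP1 sample signing certificate" 2>/dev/null
  rm -f "$1.key"
}

# Demo: run the script with the argument "demo".
if [ "${1:-}" = demo ]; then
  dir=$(mktemp -d)
  make_sample_cert "$dir/idp1.pem" 365
  fp=$(cert_fingerprint "$dir/idp1.pem")   # stands in for the out-of-band value
  check_idp_cert "$dir/idp1.pem" "$fp" && echo "OK to import as cert1"
  rm -rf "$dir"
fi
```

A non-zero return means the file should not be imported until the discrepancy is resolved with IdP1.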
To configure signature verification
- From the Federation Manager UI, click the Federation tab and select Partnerships.
The View Federation Partnerships window displays.
- Select Action, Deactivate next to the entry for DemoPartnership.
You must deactivate a partnership prior to editing it.
- Click Action, Edit next to the entry for DemoPartnership.
The dialog for the first step of the Partnership wizard opens.
- Click the Signature and Encryption step in the Partnership wizard.
- In the Signature group box, do the following:
  - Deselect Disable Signature Processing.
  - Click Import next to the Verification Certificate Alias field.
    The Import Certificate/Private Key window opens.
- Complete the import wizard as follows:
  - Select the file from which you are importing the certificate.
  - Select the certificate entry from the file that you want to import and enter a value for the Alias, such as cert1.
  - Confirm the selection and click Finish.
You return to the View Federation Partnerships window.
- Select Action, Edit for the partnership entry.
- Go to the Signature and Encryption step. In the dialog, the key/certificate that you imported is now available from the Signing Private Key Alias drop-down list.
- Select the alias you just configured, cert1, for the certificate and click Next.
- Review the settings in the Confirm dialog and click Finish.
You return to the View Federation Partnerships window.
- Reactivate the partnership by selecting Action, Activate next to the DemoPartnership entry in the Federation Partnership List.
- Restart the Federation Manager services, according to your operating environment.
  - Windows
    Use the Federation Manager stop and start shortcuts as follows:
    - Start, All Programs, CA, FederationManager, Stop services
    - Start, All Programs, CA, FederationManager, Start services
  - Solaris
    a. Open a command window.
    b. Run the following scripts:
       federation_mgr_home/fedmanager.sh stop
       federation_mgr_home/fedmanager.sh start
    When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.
    Note: Do not stop and start the services as the root user. You must be a non-root user.
Restarting services makes Federation Manager aware of the changes to signing.
Signature verification is now configured at the SP.