Backchannel Configuration for HTTP-Artifact SSO

For the SAML artifact profile, the asserting party sends the assertion to the consumer over a back channel. Protect the back channel with an authentication scheme.

If you use basic authentication and SOA Security Manager is at both partners, the Affiliate Name at each site is the name of the relying party. If the asserting party is not SOA Security Manager, the asserting party administrator must provide you with the name they are using to identify your site. Specify the supplied name as the Affiliate Name in your authentication scheme configuration.

If you use client certificate authentication for the back channel, the Affiliate Name must be the alias of the client certificate. The client certificate is stored in the certificate data store.

The Policy Server supports client certificate authentication over the back channel using non-FIPS 140 encrypted certificates, even when the Policy Server is operating in FIPS-only mode. However, for a strictly FIPS-only installation, use only certificates encrypted with FIPS 140-compatible algorithms.