Configuring the Client Certificate Option at the Service Provider
To set up client certificate authentication to secure the back channel to the artifact resolution service:
- Select the client cert option in the authentication scheme configuration
- Add a client certificate to the smkeydatabase
Select the Client Cert Option for Authentication
To present a client certificate as credentials:
- In the Authentication Scheme Properties dialog for SAML 2.0 authentication, click Additional Configuration.
- Select the SSO tab.
- Select HTTP-Artifact in the Bindings section.
- Select Client cert for the Authentication field.
Add a Client Certificate to the SMKeyDatabase
This procedure assumes that you already have a private key and certificate pair issued by a Certificate Authority.
- Create an smkeydatabase, if one does not exist. Enter the command:
smkeytool -createDB smkeydatabase -password <password>
- Add the private key and client certificate to the smkeydatabase by entering the following command:
smkeytool -alias <alias> -addPrivKey -keyfile <file_path_to_key_file> -certfile <file_path_to_certificate>
Notes:
- The value for alias must be the same as the value of the Name field specified in the Scheme Setup dialog for the SAML 2.0 authentication scheme with HTTP-Artifact binding. The subject DN of the Service Provider certificate must also reflect the Name value; in the following example it is carried in the CN attribute.
For example, if you entered CompanyA as the Name, then alias would be CompanyA, and the subject DN could be CN=CompanyA, OU=Development, O=CA, L=Islandia, ST=NY, C=US
- To refer to the existing entry, subsequent smkeytool commands must use the same alias.
- The value for keypass must be the same as the value of the Password field specified in the Scheme Setup dialog for the SAML 2.0 authentication scheme.
- Restart the Policy Server for the changes to the smkeydatabase to take effect immediately.
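The notes above impose two constraints that are easy to get wrong and that smkeytool does not check for you: the certificate's subject CN must match the alias (the scheme's Name), and the key file must actually belong to the certificate. The following pre-flight script is an added example, not part of this guide or of the product; it verifies both constraints with openssl before issuing the smkeytool commands shown above. The alias CompanyA, the file paths, the database path and the SMKEYDB_RUN environment variable are assumptions; the smkeytool options are the ones on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks before loading a client certificate
# into the smkeydatabase. Alias, paths and SMKEYDB_RUN are assumptions.

# Extract the CN attribute from a subject DN string. Accepts the comma
# form used in this guide ("CN=CompanyA, OU=Development, ..."), the
# "subject=CN = CompanyA, ..." line printed by openssl, and the older
# slash form ("/C=US/ST=NY/CN=CompanyA").
dn_cn() {
  printf '%s\n' "$1" \
    | sed 's/^subject=[[:space:]]*//' \
    | tr ',/' '\n\n' \
    | sed -n 's/^[[:space:]]*CN[[:space:]]*=[[:space:]]*//p' \
    | sed 's/[[:space:]]*$//' \
    | head -n 1
}

# Succeeds only when the DN's CN equals the alias exactly (case-sensitive,
# so "Company A" does not match "CompanyA").
cn_matches_alias() {
  [ "$(dn_cn "$1")" = "$2" ]
}

# CN of the subject in a PEM certificate file.
cert_cn() {
  dn_cn "$(openssl x509 -in "$1" -noout -subject)"
}

# Compare the public key derived from the private key file with the
# public key inside the certificate. The key file is assumed unencrypted.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null | openssl sha256)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run the checks, then create the database (only if missing) and add the
# key/certificate pair under the alias, exactly as the guide describes.
preflight_and_load() {
  alias="$1"; keyfile="$2"; certfile="$3"; dbfile="$4"; dbpass="$5"
  if [ ! -f "$keyfile" ] || [ ! -f "$certfile" ]; then
    echo "key or certificate file missing" >&2; return 1
  fi
  cn=$(cert_cn "$certfile")
  if [ "$cn" != "$alias" ]; then
    echo "certificate CN '$cn' does not match alias/Name '$alias'" >&2; return 1
  fi
  if ! key_matches_cert "$keyfile" "$certfile"; then
    echo "private key does not belong to the certificate" >&2; return 1
  fi
  [ -e "$dbfile" ] || smkeytool -createDB "$dbfile" -password "$dbpass"
  smkeytool -alias "$alias" -addPrivKey -keyfile "$keyfile" -certfile "$certfile"
}

# Only invoke the tools when explicitly asked; paths are assumed examples.
if [ -n "${SMKEYDB_RUN:-}" ]; then
  preflight_and_load "CompanyA" /opt/keys/companya.key /opt/keys/companya.crt \
    smkeydatabase "${SMKEYDB_PASSWORD:-changeme}"
fi
```

Run it with SMKEYDB_RUN=1 and SMKEYDB_PASSWORD set on the Policy Server host; a CN mismatch or a key/certificate mismatch stops the script before anything is written to the smkeydatabase, which is cheaper to diagnose than a failed back-channel TLS handshake later.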