Configuration Guides › Federation Security Services Guide › Configure SOA Security Manager as a SAML 1.x Producer › Protecting the Assertion Retrieval Service with Client Certificate Authentication (optional)

Protecting the Assertion Retrieval Service with Client Certificate Authentication (optional)

By default, there is a configured policy that uses the Basic over SSL authentication scheme to protect the assertion retrieval service. Configure the policy for the Client Certificate authentication scheme for a realm other than the one that uses the Basic over SSL scheme.

Generally, the administrator at the Identity Provider creates two policies to protect the assertion retrieval service by Basic over SSL and with Client Certificate authentication.

The steps to protect the assertion retrieval service using a client certificate authentication scheme are listed following.

• Create a policy at the producer that uses an X.509 client certificate authentication scheme.
• Enable client certificate authentication at the consumer.

More Information:

Create the Assertion Retrieval Service Policy

Access the Assertion Retrieval Service with a Client Certificate (optional)