Set Up a Key Database to Sign and Verify SAML POST Responses

To use the SAML POST profile for passing assertions, the producer must sign the SAML response that contains the assertion. The assertion consumer at the consumer site must verify that signature.

To accomplish these tasks, set up a key database for each Policy Server that is responsible for signing, verification or both. The key database is a flat-file key and certificate database that lets you manage and retrieve keys and certificates required to sign and validate SAML responses used with SAML POST profile authentication.