Use a Client Cert. to Protect the Assertion Retrieval or Artifact Resolution Service

To use a client certificate authentication scheme, you:

Create a policy at the producer/Identity Provider to protect the relevant service. This policy uses the client certificate authentication scheme.
Enable client certificate authentication at the consumer/Service Provider.

How to Use Client Cert. Authentication with an IIS 5.0 Web Server

Client certificate authentication is not supported for IIS 5.0 Web servers at the producer/Identity Provider. However, it can be used on an IIS 5.0 Web Server at the consumer/Service Provider to communicate with a non-SiteMinder producer/Identity Provider.

To work around this issue, use the IIS 5.0 Web Server client certificate functionality at the producer/Identity Provider and do not configure SiteMinder client certificate functionality. If you apply this workaround, verify that the CN portion of the DN value for the certificate must contain the affiliate name value.

More Information:

Protect the Artifact Resolution Service with Client Certificate Authentication (optional)

Protecting the Assertion Retrieval Service with Client Certificate Authentication (optional)

Configure the Client Certificate Option at the Consumer

Email CA Technologies about this topic