
Set Up a Key Database to Sign and Verify SAML POST Responses

Set up a key database for each Policy Server that is responsible for signing assertions, verifying signatures or both.

SOA Security Manager can sign and verify HTTP-POST responses and sign AuthnRequest messages.

For HTTP-POST single sign-on, the Identity Provider uses its private key/certificate pair to sign the assertion response. The Service Provider then verifies that signature using the associated certificate (public key).

The Service Provider can sign an AuthnRequest message that it sends to the Identity Provider to authenticate a user for cross-domain single sign-on.