

Signature Configuration at a SAML 1.1 Producer

The Signature step lets you define how SiteMinder uses private keys and certificates to verify SAML assertions and assertion responses.

Note: SAML 1.1 does not support encryption.

There can be multiple private keys and certificates in the certificate data store. If you have multiple federated partners, you can use a different key pair for each partner.

Note: If the system is operating in FIPS_COMPAT or FIPS_MIGRATE mode, all certificate and key entries are available from the pull-down list. If the system is operating in FIPS-Only mode, only FIPS-approved certificate and key entries are available.

Follow these steps:

  1. Begin by selecting the Signature step in the partnership wizard.

    Note: Click Help for a description of fields, controls, and their respective requirements.

  2. In the Signature section, select an alias from the pull-down list for the Signing Private Key Alias field.

    If there is no private key in the certificate data store, click Import to import a key. Alternatively, click Generate to create a certificate request.

    By completing this field, you are indicating which private key the asserting party uses to sign assertions and responses.

  3. For the Artifact and Post signature options, select the specific components (assertion, response) that you want signed.

Note: If you are using SiteMinder in a test environment, you can disable signature processing to simplify testing. Click the Disable Signature Processing checkbox.

Signature configuration at the SAML 1.1 producer is complete.
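
To confirm that the components selected in step 3 are the ones the producer actually signs, a captured response can be checked structurally. The following Python is an added example, not SiteMinder code; the sample message, the issuer `producer.example`, and the function names are constructed for illustration. It checks only where each signature sits and what it references, not its cryptographic validity.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _signed(elem, id_attr):
    """True if elem has a direct-child ds:Signature whose single Reference is '#<ID>'."""
    elem_id = elem.get(id_attr)
    for sig in elem.findall("ds:Signature", NS):
        refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
        if elem_id and len(refs) == 1 and refs[0].get("URI") == "#" + elem_id:
            return True
    return False

def signed_components(xml_text):
    """Report which components of a SAML 1.1 Response carry their own signature."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 1.1 Response")
    return {
        "response": _signed(root, "ResponseID"),
        "assertions": [_signed(a, "AssertionID") for a in root.findall("saml:Assertion", NS)],
    }

def meets_policy(xml_text, require_response, require_assertion):
    """Compare a message with the signing options chosen for the partnership."""
    got = signed_components(xml_text)
    if require_response and not got["response"]:
        return False
    if require_assertion and not (got["assertions"] and all(got["assertions"])):
        return False
    return True

# Constructed sample: assertion signed, response unsigned, signature value is a placeholder.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ResponseID="_r1">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion AssertionID="_a1" Issuer="producer.example">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(signed_components(SAMPLE))
```

A message produced while Disable Signature Processing is selected would report no signed components, so the same check flags a test setting that was carried into another environment.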