To verify signed assertions, import certificates if the metadata includes them. If the metadata does not include certificates, skip this step and go to the Confirm step.
Follow these steps:
If you select a certificate file with invalid entries, the next dialog contains a section listing the expired entries. You cannot select these expired entries. They are displayed for your reference. If all entries in the file are invalid, the import wizard skips the certificate selection step.
Specify a unique alias for each entry that you chose.
The Confirm dialog opens, showing a table of entries.
You can select two entries from a metadata file that have the same certificate. For SAML 1.1 metadata, every entry shows Signing as the usage for the certificate because SAML 1.1 does not encrypt data.
For SAML 2.0, each entry can show a different usage for the certificate, for example, one for signing, one for encryption. When you get to the Confirm step, the window shows a table with a single certificate entry. The certificate usage is listed as Signing and Encryption. This entry is the combination of the two entries you chose previously. This entry also uses the first alias that you specified for the certificate entry you selected.
This situation occurs only if the same certificate was listed in the metadata file for both uses. If the file contains two separate certificates, the confirmation step shows both entries in the table.
For example, you select two entries from the metadata file and you do not realize they are the same certificate. The first usage is Signing and you assign it the alias cert1. The second usage is Encryption and you assign it the alias cert2. When you confirm the import, you see a table titled Selected Certificate Data with an entry similar to the following entry:
Alias    Issued To    Usage
cert1    Jane Doe     Signing and Encryption
If no usage is specified in the metadata file, then the usage defaults to Signing and Encryption.
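To see before import which metadata entries share a certificate, you can model the merge described above outside the product. The following Python sketch is an added example, not CA code: it groups SAML 2.0 KeyDescriptor entries by the SHA-256 fingerprint of the embedded certificate, keeps the first alias, and treats a missing use attribute as Signing and Encryption. The function names, aliases, and sample metadata are assumptions constructed for illustration, and the sketch does not check certificate expiry.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted metadata, prefer defusedxml

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BOTH = {"signing", "encryption"}

def _key_descriptor(der, use=None, pad=""):
    """Build one constructed KeyDescriptor; `der` is placeholder bytes, not a real certificate."""
    attr = f' use="{use}"' if use else ""
    b64 = base64.b64encode(der).decode()
    return (f"<md:KeyDescriptor{attr}><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
            f"{pad}{b64}{pad}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

# Constructed sample: A appears twice (signing, encryption), B has no use, C is encryption only.
SAMPLE_METADATA = (
    f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
    'entityID="https://idp.example.test"><md:IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _key_descriptor(b"placeholder-A", "signing")
    + _key_descriptor(b"placeholder-A", "encryption", pad="\n  ")
    + _key_descriptor(b"placeholder-B")
    + _key_descriptor(b"placeholder-C", "encryption")
    + "</md:IDPSSODescriptor></md:EntityDescriptor>")

def merge_key_descriptors(metadata_xml, aliases):
    """Return (alias, sha256 fingerprint, usage) rows, one per distinct certificate.

    `aliases` holds one alias per KeyDescriptor, in document order.
    """
    root = ET.fromstring(metadata_xml)
    merged = {}  # fingerprint -> [first alias, set of usages]; insertion-ordered
    for alias, kd in zip(aliases, root.iter(f"{{{NS['md']}}}KeyDescriptor")):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            continue  # no embedded certificate to compare
        der = base64.b64decode("".join(cert.text.split()))
        fingerprint = hashlib.sha256(der).hexdigest()
        use = kd.get("use")
        # A KeyDescriptor without a use attribute applies to both purposes.
        entry = merged.setdefault(fingerprint, [alias, set()])
        entry[1] |= {use} if use else BOTH
    return [(alias, fp, "Signing and Encryption" if usages >= BOTH
             else next(iter(usages)).capitalize())
            for fp, (alias, usages) in merged.items()]

if __name__ == "__main__":
    for alias, fp, usage in merge_key_descriptors(SAMPLE_METADATA, ["cert1", "cert2", "cert3", "cert4"]):
        print(f"{alias:<6} {fp[:16]}  {usage}")
```

Comparing the printed fingerprints with values obtained from the partner over a separate channel confirms that the certificates in the metadata file are the ones the partner actually issued.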
Review the entity configuration before saving it.
Follow these steps:
A new entity is configured.
Copyright © 2012 CA Technologies.
All rights reserved.