

Configure Signature Processing at the IdP

For POST single sign-on, Idp1 is required to sign assertions. It uses the private key in the certificate data store to sign assertions.

Note: The example assumes that you have a file from which you import keys and certificates, or that you already have private keys and certificates for signing and verification tasks.

Follow these steps:

  1. From the UI, click the Federation tab and select Partnerships.

    The View Federation Partnerships window displays.

  2. Select Action, Deactivate next to the entry for TestPartnership, which is the IdP -> SP partnership.

    Deactivate a partnership before editing it.

  3. Click Action, Modify next to the entry for TestPartnership.

    The dialog for the first step of the Partnership wizard opens.

  4. Click the Signature and Encryption step in the partnership wizard.
  5. In the Signature group box:
    1. Deselect Disable Signature Processing.
    2. Click Import next to the Signing Private Key Alias field.

      The Import Certificate/Private Key window opens.

  6. Complete the import wizard as follows:
    1. Select the file from where you are importing the private key/certificate pair.
    2. If the file is a pkcs#12 file, supply the password that was used to encrypt the file.
    3. Select the certificate entry from the file that you want to import and enter a value for the Alias, such as cert1.
    4. Confirm the selection and click Finish.

    You return to the View Federation Partnerships window.

  7. Select Action, Modify for the partnership entry.
  8. Go to the Signature and Encryption step. In the dialog, the key/certificate that you imported is now available from the Signing Private Key Alias drop-down list.
  9. Select the alias for cert1 and click Next.
  10. Review the settings in the Confirm dialog and click Finish.

    You return to the View Federation Partnerships window.

  11. Reactivate the partnership by selecting Action, Activate next to the TestPartnership entry in the Federation Partnership List.
  12. Restart the federation services according to your operating environment.

    Restarting the federation services makes the system aware of the changes to signing.

Signature processing is now configured at the IdP.
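Before importing the pkcs#12 file in step 6, it is worth confirming that the file really contains a private key and a certificate that belong together and that the certificate has not expired; a mismatched or expired pair imports without error but produces assertions the SP will reject. The following shell script is an added example using openssl and is not part of the product documentation; the file name, password and alias cert1 are constructed for the demonstration, and the key/certificate pair is generated inline so the script runs offline.

```shell
#!/bin/sh
# Added example: sanity-check a pkcs#12 signing key store before importing it
# at the IdP. Everything below (file name, password, subject) is constructed.
set -eu

WORKDIR="$(mktemp -d)"
P12="$WORKDIR/idp1-signing.p12"   # hypothetical file you would import in step 6
P12_PASS="changeit"               # constructed password protecting the file

# Constructed input: a self-signed signing key/certificate pair exported to
# pkcs#12 under the alias cert1, standing in for the file you would import.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -subj "/CN=idp1-signing" \
  -keyout "$WORKDIR/key.pem" -out "$WORKDIR/cert.pem" >/dev/null 2>&1
openssl pkcs12 -export -in "$WORKDIR/cert.pem" -inkey "$WORKDIR/key.pem" \
  -name cert1 -out "$P12" -passout "pass:$P12_PASS"

# check_p12 FILE PASSWORD
# Prints the certificate subject and returns 0 when the file opens with the
# password, holds a private key and a certificate, the certificate's public
# key matches the private key, and the certificate has not expired.
# Returns 1 on any of those failures.
check_p12() {
  file="$1"; pass="$2"
  key="$(openssl pkcs12 -in "$file" -passin "pass:$pass" -nocerts -nodes 2>/dev/null)" || return 1
  cert="$(openssl pkcs12 -in "$file" -passin "pass:$pass" -clcerts -nokeys 2>/dev/null)" || return 1
  # Derive the public key from the private key and compare it with the
  # public key embedded in the certificate; a mismatch means the wrong pair.
  key_pub="$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null)" || return 1
  cert_pub="$(printf '%s\n' "$cert" | openssl x509 -pubkey -noout 2>/dev/null)" || return 1
  [ "$key_pub" = "$cert_pub" ] || return 1
  # -checkend 0 fails if the certificate is already past its notAfter date.
  printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null || return 1
  printf '%s\n' "$cert" | openssl x509 -noout -subject
}

check_p12 "$P12" "$P12_PASS"
```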