Federation Security Services Guide › Authenticate SAML 1.x Users at a Consumer › Access the Assertion Retrieval Service with a Client Certificate (optional)

Access the Assertion Retrieval Service with a Client Certificate (optional)

This procedure is for single sign-on only with the artifact profile.

If you have configured single sign-on with the artifact profile, you can select client certificate authentication to protect the Assertion Retrieval Service at the producer. This service retrieves the assertion and sends it to the consumer.

Note: Client certificate authentication is optional; you can also use Basic authentication.

The SAML Artifact authentication scheme is invoked by the SAML credential collector, which collects information from the scheme to retrieve the SAML assertion from the producer. You are required to specify the authentication method for the realm that contains the Assertion Retrieval Service. This tells the SAML credential collector what type of credentials to provide to retrieve the assertion.

If the Assertion Retrieval Service is part of a realm using a client certificate authentication scheme, there are some configuration tasks at the consumer and the producer that you need to complete, as follows:

• At the consumer, select the client certificate option to indicate that a certificate will be presented as credentials.
• At the producer, create a policy to protect the Assertion Retrieval Service.