Protect the Assertion Retrieval or Artifact Resolution Service (optional)

If you configure an artifact authentication scheme at a consumer/Service Provider, the Assertion Retrieval Service (SAML 1.x) and the Artifact Resolution Service (SAML 2.0) are the mechanisms that retrieve the assertion from the Policy Server at the producer/Identity Provider.

We strongly recommend that you protect the Assertion Retrieval Service (SAML 1.x) and the Artifact Resolution Service (SAML 2.0) against unauthorized access.

To protect these services, you specify an authentication scheme for the realm that contains the service at the producer/Identity Provider. The authentication scheme dictates the type of credentials that the SAML credential collector (SAML 1.x) or the Assertion Consumer Service (SAML 2.0) must provide to access the relevant service.

You can select one of the following authentication schemes:


Copyright © 2010 CA. All rights reserved.