Enable Signature Validation at the SP

To validate a digital signature for POST single sign-on

  1. Log in to the FSS Administrative UI.
  2. From the System tab, select Authentication Schemes to display the Authentication Scheme List.

    Select the existing SAML 2.0 authentication scheme, Partner IdP.demo Auth Scheme.

    The Authentication Scheme Properties dialog box opens.

  3. In the Scheme Common Setup group box, uncheck the Disable Signature Processing check box. Unchecking this box enables signature processing.
  4. In the D-Sig Info box, enter the following:

    The D-Sig information enables the Service Provider to verify the SAML response signature. The values for the Issuer DN and Serial Number are from the public key in the Service Provider's smkeydatabase.

  5. Click OK.

    Validation configuration is now complete.

  6. Test POST single sign-on.
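
The Issuer DN and Serial Number entered in the D-Sig Info box identify the certificate used to verify the SAML response signature. As an added example (not part of the CA documentation), this shell function reads both values from a PEM copy of that certificate with OpenSSL so they can be compared with the entry in smkeydatabase. The names `dsig_info` and `make_sample_cert`, the file paths and the sample certificate are constructed for illustration, and the exact DN ordering and serial format the Administrative UI expects is an assumption to confirm against the key database listing.

```shell
#!/bin/sh
# Added example: print the Issuer DN and serial number of a PEM certificate.
# dsig_info is a hypothetical helper; it only wraps standard "openssl x509" options.

dsig_info() {
    cert="$1"
    # Refuse anything that does not parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "error: $cert is not a readable PEM certificate" >&2
        return 1
    fi
    # RFC 2253 output is a single-line, comma-separated DN with the most
    # specific RDN (CN) first; compare the ordering with the key database listing.
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 \
        | sed 's/^issuer= *//')
    # -serial prints "serial=<HEX>"; keep only the hex digits.
    serial=$(openssl x509 -in "$cert" -noout -serial | sed 's/^serial=//')
    printf 'Issuer DN: %s\nSerial Number: %s\n' "$issuer" "$serial"
}

# Constructed sample: a throwaway self-signed certificate standing in for the
# partner's signing certificate (self-signed, so issuer equals subject).
# Serial 662316 decimal is 0A1B2C in hex.
make_sample_cert() {
    out="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=US/O=Example IdP/CN=idp.example.test" \
        -set_serial 662316 \
        -keyout "$out.key" -out "$out" >/dev/null 2>&1
}

# When called with a certificate path, print its D-Sig values.
if [ "$#" -gt 0 ]; then
    dsig_info "$1"
fi
```

A mismatch between these values and the D-Sig Info fields means the Service Provider cannot locate the verification certificate, so signature validation fails even when the response is correctly signed.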


Copyright © 2010 CA. All rights reserved.