Federation Security Services Guide › Deploying Federation without the FSS Sample Application › Add Functionality to the Federation Deployment › Configure Digital Signing (required for POST Binding)

Configure Digital Signing (required for POST Binding)

For POST single sign-on, the SAML response must be signed. There are configuration tasks at the Identity Provider and Service Provider to enable digital signing.

Important! In a production environment, signature processing is a mandatory security requirement.

Required task at the Identity Provider:

• Add a Private Key and Certificate to the IdP SMkeydatabase

Required tasks at the Service Provider:

• Set Up the Key Database at the SP to Validate Digital Signatures
• Enable Signature Validation at the SP