Keys and certificates used to sign SAML assertions for the POST binding are stored in the smkeydatabase. The POST binding requires the SAML response to be signed, so you must create the smkeydatabase at the Identity Provider and add the signing private key and its certificate to it.
If you deployed the sample application, you can use the key that it automatically installs. If you want to create a new key, use the smkeytool utility to delete all the data from the smkeydatabase and then complete the following procedure.
To create a key database and add a private key and certificate to it
smkeytool.bat -createDB -password password
This creates the smkeydatabase.
idp.demo signs the SAML response before sending it to sp.demo.
The command for this deployment is:
smkeytool.bat -addPrivKey -alias defaultenterpriseprivatekey -keyfile "c:\program files\ca\siteminder\certs\post-pkey.der" -certfile "c:\program files\ca\siteminder\certs\post-cert.crt" -password password
The -alias option names the key inside the database (defaultenterpriseprivatekey). The -keyfile option is the location of the private key in DER format at the Identity Provider, which for this deployment is post-pkey.der. The -certfile option is the location of the public key certificate that matches that private key, post-cert.crt. The command ends with -password, which here is password, the same value used when the database was created.
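The following PowerShell script is an added example and is not part of the CA documentation or of smkeytool. It runs the two commands of the procedure above, but first checks that post-pkey.der and post-cert.crt actually belong together, because a certificate that does not match the private key means sp.demo cannot verify the signed response. The file paths and alias are the ones from this deployment; the script assumes PowerShell 7 (for RSA.ImportPkcs8PrivateKey and ImportRSAPrivateKey) and that smkeytool.bat is in the current directory.

```powershell
# Added example (not CA's code): pre-flight key/certificate check, then the two
# smkeytool calls from the procedure. Assumes PowerShell 7 and smkeytool.bat in ".".
param(
    [string]$KeyFile    = 'c:\program files\ca\siteminder\certs\post-pkey.der',
    [string]$CertFile   = 'c:\program files\ca\siteminder\certs\post-cert.crt',
    [string]$Alias      = 'defaultenterpriseprivatekey',
    [string]$DbPassword = 'password'   # same value the procedure passes to both commands
)

function Get-RsaModulusHex([byte[]]$Modulus) {
    # Normalise the modulus so a leading 0x00 sign byte does not cause a false mismatch.
    $i = 0
    while ($i -lt ($Modulus.Length - 1) -and $Modulus[$i] -eq 0) { $i++ }
    return ([System.BitConverter]::ToString($Modulus[$i..($Modulus.Length - 1)])) -replace '-', ''
}

function Test-KeyMatchesCert([string]$KeyPath, [string]$CertPath) {
    # Load the DER private key: try unencrypted PKCS#8 first, then PKCS#1 (RSAPrivateKey).
    $der  = [System.IO.File]::ReadAllBytes($KeyPath)
    $rsa  = [System.Security.Cryptography.RSA]::Create()
    $read = 0
    try   { $rsa.ImportPkcs8PrivateKey($der, [ref]$read) }
    catch { $rsa.ImportRSAPrivateKey($der, [ref]$read) }

    # X509Certificate2 accepts both DER and PEM encoded .crt files.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
    $pub  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    if ($null -eq $pub) { throw "$CertPath does not carry an RSA public key" }

    # A private key and certificate form a pair exactly when their RSA moduli are equal.
    $privMod = Get-RsaModulusHex $rsa.ExportParameters($false).Modulus
    $certMod = Get-RsaModulusHex $pub.ExportParameters($false).Modulus
    return ($privMod -eq $certMod)
}

if (-not (Test-Path -LiteralPath $KeyFile))  { throw "private key not found: $KeyFile" }
if (-not (Test-Path -LiteralPath $CertFile)) { throw "certificate not found: $CertFile" }

if (-not (Test-KeyMatchesCert $KeyFile $CertFile)) {
    throw "$KeyFile does not match $CertFile; the Service Provider could not verify responses signed with it"
}

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertFile)
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "certificate $($cert.Subject) expired on $($cert.NotAfter)"
}

# The two commands from the procedure above, in order.
& .\smkeytool.bat -createDB -password $DbPassword
if ($LASTEXITCODE -ne 0) { throw "smkeytool -createDB failed with exit code $LASTEXITCODE" }

& .\smkeytool.bat -addPrivKey -alias $Alias -keyfile $KeyFile -certfile $CertFile -password $DbPassword
if ($LASTEXITCODE -ne 0) { throw "smkeytool -addPrivKey failed with exit code $LASTEXITCODE" }
```

Run it once per Identity Provider after the old smkeydatabase has been cleared; if the modulus check fails, regenerate the certificate from the private key you intend to load rather than loading the mismatched pair and debugging signature failures at sp.demo later.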
Copyright © 2010 CA. All rights reserved.