Federation Security Services Guide › Authenticate SAML 2.0 Users at the Service Provider › Access the Artifact Resolution Service with a Client Certificate (optional) › Configuring the Client Certificate Option at the Service Provider
Configuring the Client Certificate Option at the Service Provider
To set up client certificate authentication to secure the back channel to the Artifact Resolution Service, you need to:
- Select the client cert option in the authentication scheme configuration
- Add a client certificate to the smkeydatabase
Select the Client Cert Option for Authentication
To present a client certificate as credentials:
- In the Authentication Scheme Properties dialog for SAML 2.0 authentication, click Additional Configuration.
- Select the SSO tab.
- Select HTTP-Artifact in the Bindings group box.
- Select Client cert for the Authentication field.
Add a Client Certificate to the SMKeyDatabase
This procedure assumes you already have a private key and certificate from a Certificate Authority.
- Create an smkeydatabase, if one does not already exist. Enter the command:
smkeytool -createDB smkeydatabase -password <password>
- Add a private key and client certificate to the smkeydatabase by entering the following command (the optional -keypass argument supplies the private key password, see the Notes below):
smkeytool -addPrivKey -alias <alias> -keyfile <file_path_to_key_file> -certfile <file_path_to_certificate> [-keypass <private_key_password>]
Notes:
- The value for alias should be the same as the value of the Name field specified in the Scheme Setup dialog for the SAML 2.0 authentication scheme with HTTP-Artifact binding. The attribute of the Service Provider's subject DN that identifies it (the CN value in the example below) should also match the Name value.
For example, if you entered CompanyA as the Name, then alias would be CompanyA, and the subject DN could be CN=CompanyA, OU=Development, O=CA, L=Islandia, ST=NY, C=US
- To refer to the existing entry, subsequent smkeytool commands must use the same alias.
- The value for keypass should be the same as the value of the Password field specified in the Scheme Setup dialog for the SAML 2.0 authentication scheme.
- Restart the Policy Server to see the changes to the smkeydatabase immediately.
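The notes above tie three values together: the smkeytool alias, the scheme Name, and the CN in the Service Provider's certificate subject. A mismatch is easy to make and only shows up later as a failed back-channel connection, so it is worth checking before the key is imported. The following Python script is an added example, not part of this guide or of the smkeytool utility: it parses a subject DN string (assumed to have been obtained from the certificate, for instance with an openssl or keytool listing), checks the alias/Name/CN rules stated in the notes, and builds the two smkeytool command lines with proper shell quoting. The function names, the sample file paths and the password values are constructed for the example; the DN is the one from the note above.

```python
"""Pre-flight check for the smkeydatabase step (added example, not SiteMinder code).

Verifies that the alias, the SAML 2.0 scheme Name and the certificate
subject CN agree, then assembles the smkeytool commands shown in the guide.
"""
import shlex
from typing import Dict, List, Optional


def parse_dn(dn: str) -> Dict[str, str]:
    """Parse a comma-separated DN such as
    'CN=CompanyA, OU=Development, O=CA, L=Islandia, ST=NY, C=US'
    into {attribute type: value}. A backslash-escaped comma ('\\,') is part
    of the value rather than a separator. Attribute types are upper-cased so
    that 'cn' and 'CN' compare equal; values keep their case.
    """
    rdns: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped character: keep literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":                            # unescaped comma ends the RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))

    attrs: Dict[str, str] = {}
    for rdn in rdns:
        rdn = rdn.strip()
        if not rdn:
            continue
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        key, value = rdn.split("=", 1)
        attrs[key.strip().upper()] = value.strip()
    return attrs


def check_alias_consistency(scheme_name: str, alias: str, subject_dn: str) -> List[str]:
    """Return a list of problems (empty when everything matches).

    Rules from the guide: alias == scheme Name, and the certificate subject CN
    must reflect the scheme Name as well.
    """
    problems: List[str] = []
    if alias != scheme_name:
        problems.append(f"alias {alias!r} does not match scheme Name {scheme_name!r}")
    cn: Optional[str] = parse_dn(subject_dn).get("CN")
    if cn is None:
        problems.append("certificate subject has no CN attribute")
    elif cn != scheme_name:
        problems.append(f"subject CN {cn!r} does not match scheme Name {scheme_name!r}")
    return problems


def build_smkeytool_commands(alias: str, key_file: str, cert_file: str,
                             db_password: str, key_password: Optional[str] = None) -> List[str]:
    """Assemble the createDB and addPrivKey command lines from the guide.

    shlex.join quotes paths that contain spaces or shell metacharacters, so the
    output can be pasted into a shell as-is.
    """
    create_db = ["smkeytool", "-createDB", "smkeydatabase", "-password", db_password]
    add_key = ["smkeytool", "-addPrivKey", "-alias", alias,
               "-keyfile", key_file, "-certfile", cert_file]
    if key_password:                              # matches the scheme's Password field
        add_key += ["-keypass", key_password]
    return [shlex.join(create_db), shlex.join(add_key)]


if __name__ == "__main__":
    # Constructed sample input: the DN from the guide's note, plus hypothetical paths.
    SCHEME_NAME = "CompanyA"
    ALIAS = "CompanyA"
    SUBJECT_DN = "CN=CompanyA, OU=Development, O=CA, L=Islandia, ST=NY, C=US"
    problems = check_alias_consistency(SCHEME_NAME, ALIAS, SUBJECT_DN)
    if problems:
        for p in problems:
            print("PROBLEM:", p)
    else:
        for cmd in build_smkeytool_commands(ALIAS, "/opt/sp/keys/sp key.pem",
                                            "/opt/sp/keys/sp.crt", "<db_password>"):
            print(cmd)
```

Run the check before the addPrivKey step; if it reports a problem, correct the alias or the scheme Name rather than importing a key under a name that the Policy Server will never look up.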