Federation Security Services GuideIdentify Consumers at a SAML 1.x Producer › Protect the Assertion Retrieval Service with Client Certificate Authentication (optional)

Previous Topic: Create a Policy to Protect the Authentication URL

Next Topic: Use of Client Cert. Auth. with an IIS 5.0 Web Server

Protect the Assertion Retrieval Service with Client Certificate Authentication (optional)

By default, there is a pre-configured policy that uses the Basic over SSL authentication scheme to protect the Assertion Retrieval Service. When you configure the policy for the client certificate authentication scheme, you create this policy for a different realm than the realm that uses the Basic over SSL scheme.

Generally, the administrator at the Identity Provider should create two policies to protect the Assertion Retrieval Service by Basic over SSL and to protect it with client certificate authentication.

To protect the Assertion Retrieval Service using a client certificate authentication scheme, you:

More Information:

Create the Assertion Retrieval Service Policy

Access the Assertion Retrieval Service with a Client Certificate (optional)

Copyright © 2010 CA. All rights reserved. Email CA about this topic