Role of the Smkeydatabase at the Consuming Authority

At the consuming authority, the smkeydatabase holds the certificates needed for artifact-based single sign-on with SAML 1.x (artifact profile) and SAML 2.0 (artifact binding).

With the SAML 1.x and SAML 2.0 artifact protocols, the browser delivers only a short artifact to the consuming authority, not the assertion itself. The consuming authority resolves the artifact by sending a request to the Assertion Retrieval Service (SAML 1.x) or the Artifact Resolution Service (SAML 2.0) hosted at the producing authority. That service looks up the assertion that the artifact refers to and returns it to the consuming authority over a direct server-to-server (back-channel) connection, so the assertion never passes through the browser.

Protect these services from unauthorized access: an unprotected resolution endpoint lets anyone who obtains an artifact exchange it for the assertion. To secure the Assertion Retrieval Service or Artifact Resolution Service, you can use one of the following authentication methods:

Whichever authentication method you choose, the smkeydatabase at the consuming authority must be configured correctly so that the consuming authority can establish a secure connection to the Assertion Retrieval Service or Artifact Resolution Service.

If the connection between the two entities is an SSL connection, the smkeydatabase at the consuming authority must contain the Certificate Authority (CA) certificate (and any intermediate CA certificates) that issued the server certificate of the producing authority; otherwise the consuming authority cannot validate the server certificate and cannot trust it. Note that importing a CA certificate trusts every certificate that CA has issued, so the server certificate must also be checked against the expected hostname of the resolution endpoint. If an X.509 client certificate is required to establish the connection, the smkeydatabase at the consuming authority must also contain the client certificate together with its private key, because a certificate without its private key cannot be used to authenticate the consuming authority.
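The following script is an added example and is not part of the CA SiteMinder documentation or product. It uses the openssl command-line tool to build a throwaway PKI in a temporary directory: a root CA, a server certificate for the producing authority's resolution endpoint, a client certificate for the consuming authority, and an unrelated CA. It then performs the two checks a practitioner wants before trusting the smkeydatabase contents: that the server certificate actually chains to the CA certificate you intend to import (and not to some other CA), and that the client certificate and its private key belong together. The hostnames (idp.example.com, sp.example.com), subject names and key sizes are assumed values chosen for the example.

```shell
#!/bin/sh
# Added example (not CA SiteMinder's own code or tooling). Builds a throwaway
# PKI with the openssl CLI and checks what the consuming authority must hold
# in its smkeydatabase for back-channel artifact resolution over SSL/TLS.
# All names and hostnames below are assumptions for the example.
set -e

WORK="${WORK:-$(mktemp -d)}"

# Create the throwaway PKI: CA, server cert, client cert, and an unrelated CA.
make_pki() {
    ( cd "$WORK" &&
      # Root CA that issued the producing authority's server certificate
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Example Producer Root CA" -keyout ca.key -out ca.pem 2>/dev/null &&
      # Server certificate for the Artifact Resolution Service endpoint (assumed host)
      openssl req -newkey rsa:2048 -nodes -subj "/CN=idp.example.com" \
          -keyout server.key -out server.csr 2>/dev/null &&
      openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -days 1 -out server.pem 2>/dev/null &&
      # Client certificate the consuming authority presents over the back channel
      openssl req -newkey rsa:2048 -nodes -subj "/CN=sp.example.com" \
          -keyout client.key -out client.csr 2>/dev/null &&
      openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -days 1 -out client.pem 2>/dev/null &&
      # An unrelated CA, to show what happens when the wrong CA is imported
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Unrelated CA" -keyout other.key -out other.pem 2>/dev/null )
}

# Returns 0 if server.pem chains to the CA file named in $1, 1 otherwise.
# This is the trust decision the consuming authority makes on the server cert.
server_cert_trusted() {
    openssl verify -CAfile "$WORK/$1" "$WORK/server.pem" >/dev/null 2>&1
}

# Returns 0 if client.pem and client.key share the same RSA modulus, i.e. the
# certificate belongs to the key; a certificate without its key cannot be used
# for client authentication.
client_cert_matches_key() {
    cert_mod=$(openssl x509 -noout -modulus -in "$WORK/client.pem" | openssl sha256)
    key_mod=$(openssl rsa -noout -modulus -in "$WORK/client.key" 2>/dev/null | openssl sha256)
    [ "$cert_mod" = "$key_mod" ]
}

# Demonstration: build the PKI and run the checks, printing each outcome.
make_pki
if server_cert_trusted ca.pem; then
    echo "server.pem chains to ca.pem: trusted (import ca.pem at the consumer)"
fi
if ! server_cert_trusted other.pem; then
    echo "server.pem does not chain to other.pem: not trusted (wrong CA)"
fi
if client_cert_matches_key; then
    echo "client.pem matches client.key: usable for client certificate auth"
fi
echo "artifacts left in $WORK"
```

The same two checks apply to real material before it is imported into the smkeydatabase: run `openssl verify` with the CA certificate you plan to import against the producing authority's actual server certificate, and compare the modulus of the client certificate with that of the private key you hold for it.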


Copyright © 2010 CA. All rights reserved.