Use a Client Cert. to Protect the Assertion Retrieval or Artifact Resolution Service

To use a client certificate authentication scheme, complete the following steps:

  1. Create a policy at the producer/Identity Provider to protect the relevant service. This policy will use the client certificate authentication scheme.
  2. Enable client certificate authentication at the consumer/Service Provider.

How to Use Client Cert. Authentication with an IIS 5.0 Web Server

Client certificate authentication is not supported for IIS 5.0 Web servers at the producer/Identity Provider. However, it can be used on an IIS 5.0 Web server at the consumer/Service Provider to communicate with a non-SiteMinder producer/Identity Provider.

To work around this issue, use the IIS 5.0 Web server's client certificate functionality at the producer/Identity Provider and do not configure SiteMinder's client certificate functionality. If you apply this workaround, be aware that the CN portion of the certificate's DN value must contain the affiliate name value.
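The following Python check is an added example, not part of the CA documentation: it extracts the CN values from a certificate subject DN and compares them with the affiliate name, so the requirement above can be verified before the workaround is deployed. It assumes the DN is in RFC 4514 comma-separated string form (unquoted values), a case-insensitive comparison, and the made-up affiliate name `affiliate1`; a `substring` result meets the literal "contain" wording but is reported separately from `exact` so it can be reviewed.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, skipping separators that are backslash-escaped."""
    parts, buf, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf += text[i:i + 2]          # keep the escape pair for unescape()
            i += 2
        elif text[i] == sep:
            parts.append(buf)
            buf = ""
            i += 1
        else:
            buf += text[i]
            i += 1
    return parts + [buf]

def unescape(value):
    """Decode RFC 4514 escapes: \\XX is one UTF-8 byte, \\c is the literal c."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                out.append(int(pair, 16))
                i += 3
                continue
            i += 1                        # drop the backslash, keep next char
        out += value[i].encode("utf-8")
        i += 1
    return out.decode("utf-8", errors="replace")

def cn_values(dn):
    """Return every CN attribute value in the DN, including multi-valued RDNs."""
    cns = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, eq, raw = ava.partition("=")
            if eq and attr.strip().upper() in ("CN", "2.5.4.3"):
                raw = re.sub(r"(?<!\\)\s+$", "", raw.lstrip())
                cns.append(unescape(raw))
    return cns

def check_affiliate_cn(dn, affiliate):
    """'exact', 'substring' or 'missing' (case-insensitive: an assumption)."""
    want = affiliate.strip().casefold()
    cns = [cn.casefold() for cn in cn_values(dn)]
    if not want or not any(want in cn for cn in cns):
        return "missing"
    return "exact" if want in cns else "substring"
```

A DN such as `OU=CN\=affiliate1,O=Example` returns `missing`, because the affiliate name appears only inside an escaped OU value and not in a CN attribute.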

More Information:

Protect the Artifact Resolution Service with Client Certificate Authentication (optional)

Protect the Assertion Retrieval Service with Client Certificate Authentication (optional)

Configure the Client Certificate Option at the Consumer


Copyright © 2010 CA. All rights reserved.