By default, signature processing is enabled because it is required by the WS-Federation Passive Requester profile; therefore, it must be enabled in a production environment. WS-Federation signout requests are always signed by SiteMinder, but no configuration is required in the FSS Administrative UI. You only have to add the private key and certificate of the authority responsible for signing to the smkeydatabase.
Important! For debugging purposes only, you can temporarily disable all signature processing (both signing and verification of signatures) by checking the Disable Signature Processing option on the General tab.
Validating the signatures of signout requests requires configuration steps in both the FSS Administrative UI and the smkeydatabase.
To set up validation
The public key must correspond to the private key and certificate that the Resource Partner used to do the signing.
Note: To see changes to the smkeydatabase immediately, restart the Policy Server. Otherwise, the database updates based on the frequency you configure in the smkeydatabase.properties file.
If you select this check box, the Account Partner will validate the signature of the signout request and response.
Copyright © 2010 CA. All rights reserved.