These keys and certificates in smkeydatabase can be at the consuming or producing authority.
The following types of keys and certificates are stored in smkeydatabase:
The key and certificate are used to do the following:
The smkeydatabase can store multiple private keys and certificates. If a signing alias is configured, the Assertion Generator uses the key associated with that alias to sign assertions. If no signing alias is configured, the Assertion Generator uses the key with the alias defaultenterpriseprivatekey to sign assertions. If no key with that alias is found, the Assertion Generator uses the first private key that it finds in the database to sign assertions.
Important! To store multiple keys in the database, you must give the first key you add the alias defaultenterpriseprivatekey before you can add subsequent keys.
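The following is an added illustration of the signing-key selection order described above (configured signing alias, then defaultenterpriseprivatekey, then the first private key added) together with the first-key constraint. It is a model written for this page, not CA SiteMinder or smkeytool code; the class, method names and the in-memory store are assumptions, and the page does not say what happens when a configured signing alias is absent from the database, so the model refuses to sign rather than silently falling back.

```python
# Model of the smkeydatabase signing-key selection order.
# Not CA SiteMinder code: class/method names and storage layout are assumptions.
from typing import Optional

# Alias named in the documentation as the default enterprise private key.
DEFAULT_ALIAS = "defaultenterpriseprivatekey"


class KeyDatabaseModel:
    """Alias -> private-key-identifier store; insertion order is the order added."""

    def __init__(self) -> None:
        self._keys: dict[str, str] = {}  # dict keeps insertion order (Python 3.7+)

    def add_private_key(self, alias: str, key_id: str) -> None:
        # Documented constraint: a database may only hold more than one key if the
        # first key added carries the default alias. Modelled here as a hard error.
        if self._keys and DEFAULT_ALIAS not in self._keys:
            raise ValueError(
                f"cannot add {alias!r}: the first key must use alias {DEFAULT_ALIAS!r}"
            )
        if alias in self._keys:
            raise ValueError(f"alias {alias!r} already present")
        self._keys[alias] = key_id

    def select_signing_key(self, signing_alias: Optional[str]) -> Optional[str]:
        """Return the key identifier the generator would sign with, or None if none."""
        # 1. An explicitly configured signing alias wins.
        if signing_alias:
            if signing_alias not in self._keys:
                # Assumption: the page is silent here; fail closed instead of
                # signing with an unintended key.
                raise LookupError(f"configured signing alias {signing_alias!r} not found")
            return self._keys[signing_alias]
        # 2. Otherwise the default enterprise private key.
        if DEFAULT_ALIAS in self._keys:
            return self._keys[DEFAULT_ALIAS]
        # 3. Otherwise the first private key in the database.
        for key_id in self._keys.values():
            return key_id
        # 4. Empty database: nothing to sign with.
        return None


def demo() -> dict[str, Optional[str]]:
    """Walk through the selection order with constructed sample aliases."""
    db = KeyDatabaseModel()
    empty = db.select_signing_key(None)                      # None
    db.add_private_key(DEFAULT_ALIAS, "key-A")               # constructed sample
    db.add_private_key("partner-signing", "key-B")           # constructed sample
    return {
        "empty_db": empty,
        "configured_alias": db.select_signing_key("partner-signing"),  # key-B
        "no_alias_default_present": db.select_signing_key(None),       # key-A
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The single-key case is allowed under any alias, but once a non-default alias is the only key, the model rejects a second key, which is the practical effect of the documented constraint.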
A given Policy Server may sign responses, verify them, or both. Keys and certificates for signing and for validation can be added to the same key database, depending on what the Policy Server does. For single sign-on, if a site only consumes assertions using the SAML POST profile, that consumer/Service Provider only verifies the response; it never signs it. For single logout, which site initiates the logout determines which side signs and which side verifies the requests and responses.
Copyright © 2010 CA. All rights reserved.