Set Up a Key Database to Sign and Verify SAML POST Responses

SiteMinder can sign and verify SAML POST responses and sign AuthnRequest messages.

When the SAML POST profile is used to pass assertions, the assertion generator at the Identity Provider uses its private key to sign the SAML response that contains the assertion. The Service Provider then needs to verify that signature using public-key certificates.

In addition to the response being signed, you can sign an AuthnRequest message. The AuthnRequest message is sent during the authentication process to authenticate a user for cross-domain single sign-on.

To accomplish these tasks, you must set up a key database for each Policy Server that is responsible for signing, verification or both.


Copyright © 2010 CA. All rights reserved.