Previous Topic: Create a Policy to Implement Attributes as HTTP HeadersNext Topic: Add a Client Certificate to smkeydatabase


Enable Client Certificate Authentication for the Back Channel(optional)

If you have configured single sign-on with the artifact profile, you can select client certificate authentication to protect the Assertion Retrieval Service at the producer. This service retrieves the assertion and sends it to the consumer.

Note: Client certificate authentication is optional; you can also use Basic authentication.

The SAML credential collector invokes the SAML artifact authentication scheme. The SAML credential collector collects information from the scheme to retrieve the SAML assertion from the Producer. You are required to specify the authentication method for the realm that contains the Assertion Retrieval Service. The SAML credential collector determines what type of credentials to provide to retrieve the assertion.

If the Assertion Retrieval Service is part of a realm using a client certificate authentication scheme, complete these configuration tasks:

The process of enabling client certificate authentication includes the following:

  1. Add a client certificate to the certificate data store.
  2. Select the client certificate option for back channel authentication.