

Enable Client Certificate Authentication for the Back Channel (Optional)

If you have configured single sign-on with the artifact profile, you can select client certificate authentication to protect the Assertion Retrieval Service at the producer. This service retrieves the assertion and sends it to the consumer.

Note: Client certificate authentication is optional; you can also use Basic authentication.

The SAML credential collector invokes the SAML artifact authentication scheme and collects information from the scheme to retrieve the SAML assertion from the producer. You must specify the authentication method for the realm that contains the Assertion Retrieval Service. The SAML credential collector determines what type of credentials to provide to retrieve the assertion.

If the Assertion Retrieval Service is part of a realm using a client certificate authentication scheme, enable client certificate authentication by completing the following configuration tasks:

  1. Add a client certificate to the certificate data store.
  2. Select the client certificate option for back channel authentication.