

Enable Signature Validation at the SP

To validate a digital signature for POST single sign-on

  1. Log in to the FSS Administrative UI.
  2. From the System tab, select Authentication Schemes to display the Authentication Scheme List.

    Select the existing SAML 2.0 authentication scheme, Partner IdP.demo Auth Scheme.

    The Authentication Scheme Properties dialog opens.

  3. In the Scheme Common Setup section, clear the Disable Signature Processing option. Clearing this option enables signature processing.
  4. In the D-Sig Info box, enter the following:
    Issuer DN

    CN=Certificate Manager,OU=IAM,O=CA.COM

    Serial Number

    008D 8B6A D18C 46D8 5B

    The D-Sig information enables the Service Provider to verify the SAML response signature. The values for the Issuer DN and Serial Number are from the public key in the smkeydatabase of the Service Provider.

  5. Click OK.

    Validation configuration is now complete.

  6. Test POST single sign-on.
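
The D-Sig values in step 4 identify the signing certificate by issuer DN and serial number, and other tools display the same serial number differently (colon-separated hex, OpenSSL's `serial=` line, or the decimal form used by the XML-DSig X509SerialNumber element). The following is an added example, not part of the product or its documentation, for checking that a certificate reference seen elsewhere matches the configured values; the function names are hypothetical and the DN comparison is deliberately simplified.

```python
import re

# Values from the D-Sig Info step on this page.
CONFIGURED_ISSUER_DN = "CN=Certificate Manager,OU=IAM,O=CA.COM"
CONFIGURED_SERIAL = "008D 8B6A D18C 46D8 5B"


def serial_to_int(serial, decimal=False):
    """Convert a certificate serial number string to an integer.

    Hex forms handled: grouped ("008D 8B6A ..."), colon-separated
    ("00:8d:8b:...") and OpenSSL's "serial=008D8B..." output line.
    Pass decimal=True for the base-10 form used by X509SerialNumber.
    Comparing integers makes the leading 00 byte irrelevant.
    """
    text = serial.strip()
    if decimal:
        return int(text)
    text = re.sub(r"^serial\s*=\s*", "", text, flags=re.IGNORECASE)
    digits = re.sub(r"[\s:]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"not a hex serial number: {serial!r}")
    return int(digits, 16)


def normalize_dn(dn):
    """Simplified DN normalisation (assumption: single-valued RDNs).

    Splits on unescaped commas, trims whitespace and upper-cases the
    attribute types. RDN order and value case are kept as significant.
    """
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append((attr.strip().upper(), value.strip()))
    return tuple(parts)


def matches_dsig_info(issuer_dn, serial, decimal=False):
    """True only if both issuer DN and serial equal the configured pair."""
    same_dn = normalize_dn(issuer_dn) == normalize_dn(CONFIGURED_ISSUER_DN)
    same_serial = (serial_to_int(serial, decimal)
                   == serial_to_int(CONFIGURED_SERIAL))
    return same_dn and same_serial
```
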