The following types of certificates are stored in smkeydatabase at the relying party site:
Used for establishing an SSL connection from a relying party to the web server at an asserting party.
A set of common root CA certificates is shipped with the default smkeydatabase. To use a certificate from a CA that is not already in the key store, you must import that certificate into the database.
Used for sending a certificate from a relying party to an asserting party. The certificate serves as credentials when the consumer must authenticate using a client certificate authentication scheme to access the Assertion Retrieval or Artifact Resolution Service.
Used for performing digital signature verification at the relying party to ensure that the partner issuing the assertion is a trusted site. At a SAML 2.0 Identity Provider, the partner certificate is used to verify the signed messages from the Service Provider during single logout. The Service Provider certificate must exist on the Identity Provider's machine.
When the Web Agent initializes, it gets all the client and server certificates, but the keys remain at the Policy Server.
Copyright © 2012 CA.
All rights reserved.