The Scheme Setup tab for SAML 2.0 authentication lets you specify how the Service Provider communicates with the Identity Provider to retrieve the assertion.
The fields on this tab are:
Specifies a URI that uniquely identifies the Service Provider.
Note: The value that you enter must match the value of the ID specified for the corresponding Service Provider object that you configure at the Identity Provider.
Specifies a URI that uniquely identifies the Identity Provider from which assertions for this Service Provider are issued.
The Service Provider accepts assertions from only this IdP.
Note: The value that you enter for the issuer must match the value of the IdP ID configured at the Identity Provider site.
Specifies the SAML version (disabled; the value defaults to 2.0, indicating that assertions sent to this IdP ID must be compliant with SAML version 2.0).
D-Sig Info Group Box
Contains fields and controls that allow you to specify digital signature information:
Disables all signature processing, that is, signing and verification of signatures, for this Service Provider.
Note: Signature processing must be enabled in a production environment. Select the Disable Signature Processing option only for debugging purposes.
Displays a dialog with the settings for digital signature configuration, specifically the Signing Alias and the Signature Algorithm.
Specifies the distinguished name of the issuer of the certificate. This value is used with the Serial Number to locate the certificate of the Service Provider in the SMKeyDatabase file.
Note: This field is enabled only if the HTTP Post option is set on the SSO tab or the HTTP Redirect Binding option is set on the SLO tab. If signature processing is disabled, this field is inactive.
Specifies the serial number (a hexadecimal string) of the certificate of the Service Provider in the key store. This value is used with the IssuerDN to locate the certificate in the SMKeyDatabase key store.
Note: This field is enabled only if the HTTP Post option is set on the SSO tab or the HTTP Redirect Binding option is set on the SLO tab. If signature processing is disabled, this field is inactive.
Opens the SAML 2.0 Auth Scheme Properties dialog. From this dialog, you can specify additional configuration details for the authentication scheme.
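The matching rules described above (SAML version 2.0 only, assertions accepted only from the configured IdP ID, signature processing left enabled outside debugging) can be sketched as follows. This is an added Python example, not CA's code. The entity IDs, function names, constructed assertion, and the use of the Audience element to carry the SP ID are assumptions, and the signature check tests presence only.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Hypothetical entity IDs standing in for the SP ID and IdP ID fields.
SP_ID = "https://sp.example.com/saml"
IDP_ID = "https://idp.example.com/saml"

def build_sample(issuer, audience, version="2.0", signed=True):
    """Build a constructed (not captured) assertion skeleton for the checks below."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'Version="{version}"><saml:Issuer>{issuer}</saml:Issuer>{sig}'
        '<saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
    )

def check_assertion(xml_text, sp_id, idp_id, signature_processing=True):
    """Return the list of failed checks; an empty list means all checks passed."""
    root = ET.fromstring(xml_text)
    problems = []
    # Only SAML 2.0 assertions are acceptable.
    if root.get("Version") != "2.0":
        problems.append("version")
    # The issuer must equal the configured IdP ID exactly (no prefix or
    # case-insensitive matching).
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != idp_id:
        problems.append("issuer")
    # Assumption: the SP ID is expected among the assertion's audiences.
    path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
    audiences = [a.text.strip() for a in root.iterfind(path, NS) if a.text]
    if sp_id not in audiences:
        problems.append("audience")
    # Presence check only: real verification needs an XML-DSig library and the
    # IdP certificate. Skipped only when signature processing is disabled.
    if signature_processing and root.find("ds:Signature", NS) is None:
        problems.append("unsigned")
    return problems

if __name__ == "__main__":
    print(check_assertion(build_sample(IDP_ID, SP_ID), SP_ID, IDP_ID))
    print(check_assertion(build_sample("https://other.example.org", SP_ID,
                                       signed=False), SP_ID, IDP_ID))
```

With signature processing disabled, the unsigned assertion in the second call would fail only the issuer check, which is why that option belongs in debugging only.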
Copyright © 2011 CA. All rights reserved.