Agent Guides › SAML Affiliate Agent Guide › Add Certificate Authorities to the Affiliate Key Store › Use the AM.keystore Database

Use the AM.keystore Database

For SAML 1.x artifact single sign-on, the SAML Affiliate Agent, sends a request for the assertion to the Assertion Retrieval Service. This service retrieves the assertion from the producer and then returns the assertion to the consumer over a back channel.

We recommend that the Assertion Retrieval Service be protected from unauthorized access. You secure this service by protecting the realm where this service resides.

The two authentication schemes you can use for protection are:

• Basic
• Basic over SSL

If you are using Basic over SSL, you must:

• Enable SSL at the producer-side web server
• Configure a database called the AM.keystore.

  This database must be set up correctly to allow the SAML Affiliate Agent to communicate with the Assertion Retrieval Service at the producer in a secure manner.

The following illustration shows where the AM.keystore resides in a SiteMinder federated network.