Release NotesFederation Security Services Release NotesDefects Fixed in the Policy Server 6.0 SP5 Option PackFixes for Policy Server 6.0 SP5 Option Pack › Signature for SAML 1.1 Assertions Unclear With Multiple Affiliate Domains (76161)

Previous Topic: SMPORTALURL Query Parameter Subject to Malicious Modification (74278)

Next Topic: Commas Cannot Separate Relative DNs in the NameID Defined as an X509SubjectName (76311)
Signature for SAML 1.1 Assertions Unclear With Multiple Affiliate Domains (76161)

Symptom:

When multiple affiliate domains use different signing keys, the Policy Server does not pick up the correct signing key when the respective SAML 1.1 assertion is being generated.

Solution:

For signed SAML 1.1 assertions, the correct certificate for each partnership is now used when multiple affiliate domains are defined. If signed assertions are specified but no signing alias is selected, the certificate corresponding to the defaultenterpriseprivatekey alias is used.