SAML Service Provider Dialog--General Tab

The General tab lets you specify general information about the Service Provider.

The settings on this tab are as follows:

SP ID

Specifies a URI that uniquely identifies the Service Provider, such as sp.example.com.

IdP ID

Specifies a URI that uniquely identifies the Identity Provider, such as idp.ca.com. This URI value becomes the value of the Issuer field in the assertion.

SAML Version

Specifies the SAML version (disabled; the value defaults to 2.0, indicating that assertions sent to this SP ID must be compliant with SAML version 2.0).

Skew Time

Specifies the number of seconds (as a positive integer) added to and subtracted from the current clock time to account for Service Providers with clocks that are not synchronized with the Policy Server acting as an Identity Provider. The skew time and the Validity Duration determine how SiteMinder FSS calculates the total time that an assertion is valid.

To determine the assertion validity, the skew time is subtracted from the assertion generation time (IssueInstant) to get the NotBefore time. The skew time is then added to the validity duration and the IssueInstant to get the NotOnOrAfter time. The following equations illustrate how the skew time is used:

Times are relative to GMT.

For more information about assertion validity, see the Federation Security Services Guide.
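The validity calculation described for Skew Time, worked through in Python as an added example (not part of the original documentation and not the product's own code). It computes NotBefore and NotOnOrAfter from the IssueInstant, then checks whether a Service Provider with a drifting clock would accept the assertion. The function names, the clock-offset parameter, and the sample timestamp are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # SAML timestamps are UTC (GMT)


def parse_instant(value):
    """Parse an IssueInstant such as 2024-05-01T12:00:00Z as an aware UTC time."""
    return datetime.strptime(value, FMT).replace(tzinfo=timezone.utc)


def validity_window(issue_instant, validity_s, skew_s):
    """Return (NotBefore, NotOnOrAfter) per the Skew Time description:
    NotBefore    = IssueInstant - skew
    NotOnOrAfter = IssueInstant + validity duration + skew
    """
    if validity_s <= 0 or skew_s <= 0:
        raise ValueError("validity duration and skew must be positive integers")
    issued = parse_instant(issue_instant)
    return (issued - timedelta(seconds=skew_s),
            issued + timedelta(seconds=validity_s + skew_s))


def sp_accepts(issue_instant, validity_s, skew_s, sp_clock_offset_s, delay_s):
    """True if an SP whose clock is off by sp_clock_offset_s (negative = slow)
    accepts the assertion delay_s seconds of real time after it was issued."""
    not_before, not_on_or_after = validity_window(issue_instant, validity_s, skew_s)
    sp_now = parse_instant(issue_instant) + timedelta(
        seconds=delay_s + sp_clock_offset_s)
    # NotOnOrAfter is exclusive: the assertion is invalid at that instant.
    return not_before <= sp_now < not_on_or_after


def total_window_seconds(validity_s, skew_s):
    """Total time the assertion is usable: skew is applied on both ends."""
    return validity_s + 2 * skew_s


if __name__ == "__main__":
    issued = "2024-05-01T12:00:00Z"  # constructed sample value
    for skew in (30, 60):
        nb, noa = validity_window(issued, 60, skew)
        # SP clock 45 s slow, assertion arrives 2 s after issuance.
        ok = sp_accepts(issued, 60, skew, sp_clock_offset_s=-45, delay_s=2)
        print(f"skew={skew}s NotBefore={nb:{FMT}} NotOnOrAfter={noa:{FMT}} "
              f"accepted={ok} window={total_window_seconds(60, skew)}s")
```

Each second of skew widens the acceptance window by two seconds, so the value should cover the real clock drift between the parties and no more.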

D-Sig Info Group Box

Enables you to specify digital signature processing information.

Disable Signature Processing

If set, disables all signature processing (both signing and verification of signatures) for this Service Provider.

Note: Signature processing must be enabled in a production environment. Select the Disable Signature Processing option only for debugging purposes.

Issuer DN

Specifies the distinguished name of the issuer of the Service Provider certificate used for signature verification of messages coming from that Service Provider. This value is used with the Serial Number to locate the certificate of the Service Provider in the SMKeyDatabase key store.

Important! This field is only enabled when either the HTTP Post option is set on the SSO tab or the HTTP Redirect Binding option is set on the SLO tab.

Serial Number

Specifies the serial number (a hexadecimal string) of the Service Provider certificate in the SmKeyDatabase key store. This certificate verifies the signature of messages coming from that Service Provider. This value is used with the Issuer DN to locate the certificate.

Important! This field is only enabled when either the HTTP Post option is set on the SSO tab or the HTTP Redirect Binding option is set on the SLO tab.

Signing Options

Displays the Signing Options dialog. From this dialog you can configure the settings for digital signing, such as the signing alias and the signature algorithm.

Other Controls

Configure Backchannel Authentication

Click this button to implement single sign-on with the HTTP-Artifact binding.

More Information:

Configure Required General Information

Set a Password for SAML Artifact Back Channel Authentication

Validate Signed AuthnRequests and SLO Requests/Responses