The security settings control the direct communication between Identity Server and a service provider across the SOAP back-channel.
On the Home page, click Applications > Select a Cluster > [SAML2 Service Provider application].
Specify the following options under the Security section.
Both identity provider and service provider must use the same security method.
| Field | Description |
|---|---|
| Encrypt Assertions | Select it if you want the assertions encrypted on the wire. |
| Encrypt Name Identifiers | Select it if you want the name identifiers encrypted on the wire. |
| SOAP Back Channel Security Method | Select one of the following security methods: |
| Message Signing | Relies upon message signing by using a digital signature. |
| Mutual SSL | Specifies that this trusted provider provides a digital certificate (mutual SSL) when it sends a SOAP message. SSL communication requires only the client to trust the server. For mutual SSL, the server must also trust the client. For the client to trust the server, the server’s certificate authority (CA) certificate must be imported into the client trust store. For the server to trust the client, the client’s CA certificate must be imported into the server trust store. |
| Basic Authentication | Specifies standard header-based authentication. This method assumes that a name and password for authentication are sent and received over the SOAP back-channel. |
Click Save.
Update Identity Server.
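
The trust-store rule in the Mutual SSL description can be checked outside the product with `openssl`. The following is an added example, not part of the product documentation: it models each trust store as a single CA file and uses `openssl verify` in place of a live handshake. All names in it (`server-ca`, `client-ca`, `soap-server`, `soap-client`) are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo of the mutual SSL trust rule. All file and subject names
# (server-ca, client-ca, soap-server, soap-client) are assumptions.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {      # $1 = CA name; writes a self-signed CA certificate and key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = issuing CA name, $2 = subject name of the new certificate
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# trusts CA CERT: succeeds if CERT chains to CA, i.e. a trust store holding
# only that CA certificate would accept the peer presenting CERT.
trusts() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# mutual_ssl_ok CLIENT_STORE_CA SERVER_CERT SERVER_STORE_CA CLIENT_CERT
# Both directions must verify, otherwise the handshake would be rejected.
mutual_ssl_ok() {
  trusts "$1" "$2" && trusts "$3" "$4"
}

make_ca server-ca && make_ca client-ca
issue_cert server-ca soap-server
issue_cert client-ca soap-client

# Correct setup: each side imported the other side's CA certificate.
mutual_ssl_ok server-ca soap-server client-ca soap-client \
  && echo "both CAs imported: mutual SSL accepted"

# Misconfiguration: the server trust store lacks the client's CA.
mutual_ssl_ok server-ca soap-server server-ca soap-client \
  || echo "client CA missing from server trust store: client rejected"
```

When a back-channel connection fails after Mutual SSL is selected, running the same `openssl verify` check against the real CA and peer certificates shows which side is missing the other's CA.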