Modifying SAML Settings in the Directory

Even though you have created and imported the key pair, it is used only if the SAML configuration stored in the directory requires it. Signing of SAML data is configured on a per-affiliate basis, so the SAML administrator can decide which SAML Trusted Affiliate sites receive signed data and which do not.

To modify the SAML settings in the directory:

  1. Select the Trusted Affiliate object you want to sign data for.

  2. Open the Trusted Affiliate object's property page, as shown in Figure 83:

    Figure 83: Trusted Affiliate Object Property Page

  3. Select Assertions > Digitally sign assertions for the browser/Post profile.

    This causes the system to use your key pair to sign SAML data sent to this Trusted Affiliate using the browser/POST profile. See Figure 84:

    Figure 84: Digitally Sign Assertions for Browser/POST Profile
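
A check to run after step 3 to confirm that the affiliate now receives signed data (an added example, not part of the original documentation). It assumes you have captured the base64 `SAMLResponse` form field that the browser posts to the Trusted Affiliate; the sample message, the issuer name and the function names are constructed. It reports only whether an XML signature element is present and does not validate the signature itself.

```python
import base64
import xml.etree.ElementTree as ET

# XML-DSig Signature element, as ElementTree spells namespaced tags.
DSIG = "{http://www.w3.org/2000/09/xmldsig#}Signature"

def _local(tag):
    """Strip the '{namespace}' prefix so SAML 1.x and 2.0 names both match."""
    return tag.rsplit("}", 1)[-1]

def signing_report(saml_response_b64):
    """Decode a posted SAMLResponse value and report where signatures sit."""
    # Form values are often line-wrapped; remove whitespace before strict decoding.
    xml_bytes = base64.b64decode("".join(saml_response_b64.split()), validate=True)
    # A SAML message never needs a DTD; refuse one before it reaches the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    assertions = [e for e in root.iter() if _local(e.tag) == "Assertion"]
    return {
        # Enveloped signatures are direct children of the element they cover.
        "response_signed": root.find(DSIG) is not None,
        "assertions": len(assertions),
        "assertions_signed": sum(a.find(DSIG) is not None for a in assertions),
    }

def is_signed(report):
    """True if the whole message, or every assertion in it, carries a signature."""
    if report["response_signed"]:
        return True
    return report["assertions"] > 0 and report["assertions_signed"] == report["assertions"]

def sample_post(signed):
    """Constructed SAMLResponse value; the signature content is a placeholder."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>')
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">'
           '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" '
           'Issuer="idp.example">' + (sig if signed else "") +
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for label, signed in (("signing enabled", True), ("signing disabled", False)):
        report = signing_report(sample_post(signed))
        print(label, report, "->", "signed" if is_signed(report) else "NOT signed")
```

An unsigned result for an affiliate where the option is selected means the directory setting has not taken effect for that Trusted Affiliate object.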