If you are going to use introductions in your federation configuration, you need to set up the
following key pairs:
Identity provider: The test-provider key pair is used when you configure your Identity Server
to use introductions with other identity providers and have set up a common domain name for
this purpose. It needs to be replaced with a certificate that has a subject name that matches the
DNS name of the common domain. For configuration information, see
Section 7.2.1, "Configuring the General Identity Provider Options," on page 186.
Identity consumer: The test-consumer key pair is used when you configure your Identity
Server to use introductions with other service providers and have set up a common domain
name for this purpose. It needs to be replaced with a certificate that has a subject name that
matches the DNS name of the common domain. For configuration information, see
Section 7.2.2, "Configuring the General Identity Consumer Options," on page 187.
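The subject-name requirement for both key pairs can be checked before a replacement certificate is put into service. The following is an added example, not taken from the Novell guide: it assumes the certificate has already been decoded into the dictionary layout returned by Python's ssl.SSLSocket.getpeercert(), and every host name in it is constructed. It goes slightly beyond the text by applying the usual client rule that subjectAltName DNS entries take precedence over the subject common name.

```python
"""Added example: does a replacement certificate cover the common domain?"""


def _name_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*' standing in for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative choice: refuse wildcards directly under a TLD ("*.com").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def presented_names(cert: dict) -> list:
    """Names a client compares against: SAN DNS entries if any exist,
    otherwise the subject commonName."""
    san = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san
    return [value for rdn in cert.get("subject", ())
            for kind, value in rdn if kind == "commonName"]


def covers_common_domain(cert: dict, common_domain: str) -> bool:
    """True if at least one presented name matches the common domain."""
    return any(_name_matches(name, common_domain) for name in presented_names(cert))


# Constructed sample certificates (hypothetical names, getpeercert() layout).
COMMON_DOMAIN = "intro.example.com"
GOOD = {"subject": ((("commonName", "intro.example.com"),),),
        "subjectAltName": (("DNS", "intro.example.com"),)}
# The CN was updated, but the SAN still names the old host: clients ignore the CN.
STALE_SAN = {"subject": ((("commonName", "intro.example.com"),),),
             "subjectAltName": (("DNS", "idp.example.com"),)}
WILDCARD = {"subject": ((("commonName", "*.example.com"),),)}

if __name__ == "__main__":
    for label, cert in (("good", GOOD), ("stale SAN", STALE_SAN), ("wildcard", WILDCARD)):
        verdict = "covers" if covers_common_domain(cert, COMMON_DOMAIN) else "does NOT cover"
        print(f"{label}: {presented_names(cert)} {verdict} {COMMON_DOMAIN}")
```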
To enable secure communication between the user store and the Identity Server, you can also import
the trusted root certificate of the user store. For configuration information, see Section 3.1,
"Configuring Identity User Stores," on page 104.
This section describes the following tasks:
Section 1.3.1, "Viewing the Services That Use the Signing Key Pair," on page 28
Section 1.3.2, "Viewing Services That Use the Encryption Key Pair," on page 29
Section 1.3.3, "Managing the Keys, Certificates, and Trust Stores," on page 29
1.3.1 Viewing the Services That Use the Signing Key Pair
The following services can be configured to use signing:
"Protocols" on page 28
"SOAP Back Channel" on page 28
"Profiles" on page 29
Protocols
The protocols can be configured to sign authentication requests and responses.
To view your current configuration:
1 In the Administration Console, click Devices > Identity Servers > Edit.
2 In the Identity Provider section, view the setting for the Require Signed Authentication
Requests option. If it is selected, all authentication requests from identity providers are signed.
3 In the Identity Consumer section, view the settings for the Require Signed Assertions and Sign
Authentication Requests options. If these options are selected, assertions and authentication
requests are signed.
SOAP Back Channel
The SOAP back channel is the channel that the protocols use to communicate directly with a
provider. The SOAP back channel is used for artifact resolutions and attribute queries for the
Identity Web Services Framework.
Novell Access Manager 3.1 SP2 Identity Server Guide