Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual page 207

Copyright © 2010, Juniper Networks, Inc.
Table 48: SAML Server Instance Configuration Details (continued)
Option Function
User Name Specifies the user name template, which is a
Template mapping string from the SAML assertion to a
Secure Access user realm.
Allow Clock Skew Determines the maximum allowed difference
(minutes) in time between the Secure Access device
clock and the source site clock.
SAML Settings > Artifact SSO tab
Source ID Specifies the 20- byte identifier that the
Secure Access device uses to recognize an
assertion from a given source site.
Source SOAP Specifies the source SOAP responder service
Responder Service URL.
URL
SOAP Client Specifies the SOAP client authentication.
Authentication
Username Specifies the username for SOAP client
authentication.
Password Specifies password for SOAP client
authentication.
Device Certificate Specifies the device certificate.
SAML Settings > POST SSO tab
Response Signing Specifies the response signing cerificate for
Certificate the SAML response signature verification.
This is the PEM-formatted signing certificate,
which is loaded for the SAML response
signature verification. The certificate you
select should be the same certificate used for
signing the SAML response at the source site.
The source site may send this certificate along
with the SAML response, depending on the
source site configuration. By default, the
system performs signature verification of the
SAML response first on the locally configured
certificate. If a certificate is not configured
locally in the SAML authentication server, then
the system performs the signature verification
on the certificate included in the SAML
response from the source site.
Issued To Displays name and attributes of the entity to
whom the certificate is issued.
Chapter 11: Configuring Authentication and Directory Servers
Your Action
Enter the string.
Enter the allowed clock
skew value.
Enter the Source ID.
Enter a URL.
NOTE: You should specify
this URL in the form of an
HTTPS: protocol.
Select either HTTP Basic
or SSL Client Certificate.
Enter the username.
Enter the password.
Select a device certificate
the drop-down list.
Enter the name or browse
to locate the response
signing certificate.
Issued To details is
displayed.
189