IBM Tivoli Federated Identity Manager, Version 6.2.2

Setting up transport security

To protect the message as it is communicated (transported) between the partners, SAML requires the use of Secure Sockets Layer (SSL) with server authentication and in some cases with mutual authentication.

About this task

In a Tivoli® Federated Identity Manager environment, you can ensure transport security by enabling SSL on the WebSphere® Application Server where the runtime and management services component is installed. In addition, if you are a client in an SSL communication in which mutual authentication is required using a client certificate, configure your client certificate.

The general steps for enabling server and client authentication include the following tasks:

Procedure

  1. Enabling SSL on the WebSphere Application Server.
    Note: If you are a service provider in a SAML 1.x federation, you become the client in an SSL configuration. Therefore, you do not need to configure server SSL. See the steps for configuring client certificates in Configuring your client certificates.
    Enabling SSL on a server includes the following subtasks:
    1. Creating a certificate request.
    2. Receiving a signed certificate issued by a certificate authority.
    3. Associating a certificate with your SSL configuration.
    4. Optionally, you might want to complete the steps in Deleting the default certificate.
    5. Extracting a certificate to share with your partner.
  2. Configuring client authentication requirements. Your authentication requirement options are:
    • No authentication
    • Basic authentication, in which a username and password are requested
    • Client certificate authentication
  3. If you act as a client in the federation and your partner requires a client certificate, you must also complete the steps in Configuring your client certificates.
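The certificate subtasks above (request, signed certificate, verification before association, extraction for the partner, and a client certificate for mutual authentication) can be rehearsed end to end with OpenSSL. The script below is an added example, not part of the IBM documentation and not the iKeyman or WebSphere console procedure it describes; the host name `sp.example.test`, the organization names, and the self-signed test CA are constructed stand-ins for your real CSR details and your real certificate authority.

```shell
#!/bin/sh
# Added example: exercise the server and client certificate subtasks with
# OpenSSL in a scratch directory. All names and the test CA are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Subtask 1: create the server private key and certificate request (CSR).
# The CN is a placeholder; it must match the host name your partner calls.
create_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" \
    -subj "/CN=sp.example.test/O=Example SP" 2>/dev/null
}

# Subtask 2: a certificate authority issues the signed certificate. Here a
# constructed self-signed test CA stands in for the real CA.
issue_certificate() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "/CN=Test CA/O=Example" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -days 365 -sha256 -out "$WORK/server.crt" 2>/dev/null
}

# Subtask 3: before associating the certificate with the SSL configuration,
# confirm it chains to the CA; a certificate that fails here fails at the
# partner too.
verify_chain() {
  openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

# Subtask 5: extract the public certificate (never the private key) to share
# with the partner, and check that no key material ended up in that file.
extract_public_cert() {
  openssl x509 -in "$WORK/server.crt" -outform PEM \
    -out "$WORK/server-public.pem" 2>/dev/null
  ! grep -q "PRIVATE KEY" "$WORK/server-public.pem"
}

# Client certificate for mutual authentication: the same request/issue steps,
# run for the side that acts as the SSL client in the federation.
issue_client_certificate() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout "$WORK/client.key" -out "$WORK/client.csr" \
    -subj "/CN=client.example.test/O=Example IdP" 2>/dev/null
  openssl x509 -req -in "$WORK/client.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -days 365 -sha256 -out "$WORK/client.crt" 2>/dev/null
}

# Print the subject of the file handed to the partner so they can confirm it
# names the endpoint they will be connecting to.
cert_subject() {
  openssl x509 -in "$1" -noout -subject
}
```

Run the functions in order (`create_csr`, `issue_certificate`, `verify_chain "$WORK/server.crt"`, `extract_public_cert`) and give the partner only `server-public.pem`; the `.key` files stay on the server. The `verify_chain` check is the one step worth keeping in a real rollout: it catches a certificate issued by a CA the partner does not trust before the federation fails at runtime.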
