The following services can be configured to use signing:
The protocols can be configured to sign authentication requests and responses.
To view your current configuration:
Click Devices > Identity Servers > Edit.
In the Identity Provider section, view the setting for the Require Signed Authentication Requests option. If it is selected, all authentication requests from service providers must be signed.
In the Identity Consumer section, view the settings for the Require Signed Assertions and Sign Authentication Requests options. If these options are selected, assertions and authentication requests are signed.
The SOAP back channel is the channel that the protocols use to communicate directly with a provider. The SOAP back channel is used for artifact resolutions and attribute queries for the Identity Web Services Framework.
To view your current configuration for the SOAP back channel:
Click Devices > Identity Servers > Edit.
Select the protocol (Liberty, SAML 1.1, or SAML 2.0), then click the name of an identity provider or service provider.
Click Trust.
View the Security section. If the Message Signing option is selected, signing is enabled for the SOAP back channel.
Any of the Web Service Provider profiles can be enabled for signing by configuring them to use X.509 for their message-level security mechanism.
To view your current configuration:
Click Devices > Identity Servers > Edit > Liberty > Web Service Provider.
Click the name of a profile, then click Descriptions.
Click the Description Name.
If either Peer entity = None, Message=X509 or Peer entity = MutualTLS, Message=X509 has been selected as the security mechanism, signing has been enabled for the profile.