This panel allows the SAML Site administrator to specify which SSL certificates are trusted by the system.


SAML back-channel communication should always go over SSL.

For added security, the SAML browser/Artifact profile requires that the SSL layer be mutually authenticated.

This means that both the server and the client must authenticate to each other using certificates.

The following are commonly used terms when discussing SSL and Public Key Infrastructure (PKI) in general:

iChain determines trust using its Trusted Roots container.

After receiving the certificate file, you must import it into eDirectory so that it can be used.

In Novell eDirectory, trusted public key certificates must be placed in a Trusted Roots container.

These certificates are added to the Java Virtual Machine's (JVM) Trust Store.

When the SAML extension server generates an outbound SSL request, the received SSL Server Certificate is checked against the certificates stored in the JVM.

The SAML extension server determines which certificates it trusts based upon the settings in each Trusted Affiliate object.
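The mutually authenticated handshake and trust-store check described above can be reproduced with the standard JSSE classes. This is an added example, not iChain or SAML extension code; the class name `MutualTlsDemo`, the store file paths and the single shared password passed on the command line are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

public class MutualTlsDemo {
    // Load a key store or trust store file (paths are supplied by the caller; assumption).
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Present our own certificate and trust only the roots in trustedRoots,
    // instead of the JVM-wide default trust store.
    static SSLContext build(KeyStore identity, char[] keyPw, KeyStore trustedRoots) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustedRoots);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java MutualTlsDemo <identity-store> <trust-store> <password>
    public static void main(String[] args) throws Exception {
        char[] pw = args[2].toCharArray();
        SSLContext ctx = build(load(args[0], pw), pw, load(args[1], pw));
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            server.setNeedClientAuth(true); // handshake fails without a trusted client certificate
            Thread acceptor = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake();
                    System.out.println("server saw client: " + s.getSession().getPeerPrincipal());
                } catch (Exception e) {
                    System.out.println("server rejected client: " + e);
                }
            });
            acceptor.start();
            try (SSLSocket c = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", server.getLocalPort())) {
                c.startHandshake(); // fails if the server certificate does not chain to a trusted root
                System.out.println("client saw server: " + c.getSession().getPeerPrincipal());
            }
            acceptor.join();
        }
    }
}
```

Run it with an identity store whose certificate chains to a root in the trust store and both sides print the peer's subject; remove that root from the trust store and the handshake is rejected.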