The following settings affect all identity consumers (service providers) that Identity Server has been configured to trust.
Click Devices > Identity Servers > Edit > Identity Consumer.
Specify whether Identity Server can run as an identity consumer.
When Identity Server is configured to run as an identity consumer, Identity Server can receive (consume) authentication assertions from other identity providers.
Enable: Enables this site to function as service provider. This setting is enabled by default.
If this option is disabled, Identity Server cannot trust or consume authentication assertions from other identity providers. You can create and enable identity providers for the various protocols, but they are not loaded or used until this option is enabled.
Require Signed Assertions: Specifies that all SAML assertions received by the service provider are signed by the issuing SAML authority. The signing authority uses a key pair to sign SAML data sent to this trusted provider.
Sign Authentication Requests: Specifies that the service provider signs authentication requests sent to an identity provider when using the Liberty 1.2 and SAML 2.0 protocols.
Use Introductions (Discover IDP Authentications): Enables a service provider to discover whether a user has authenticated to a trusted identity provider, so the user can use single sign-on without requiring authentication credentials.
Service domain: The shared, common domain for all providers in the circle of trust. This domain must resolve to the same IP address as the base URL domain. You must enable the Identity Consumer option to enable this field.
Port: The port to use for identity consumer introductions. Port 8446 for HTTPS is the default and must be opened on your firewall. If you specify a different port, you must edit the Tomcat server.xml file.
IMPORTANT:If you enable the Use Introductions option and you want to allow your users to select which identity provider to use for authentication rather than use single sign-on, you need to configure the Introductions class. See Configuring the Introductions Class.
SSL Certificate: Displays the Keystore page that you use to locate and replace the test-consumer SSL certificate for this configuration.
Identity Server comes with a test-consumer certificate that you must replace for your production environment. This certificate is used for identity consumer introductions. You can replace the test certificate now or after you have configured Identity Server. You must restart Tomcat whenever you assign an Identity Server to a configuration and whenever you update a certificate key store. See Managing the Keys, Certificates, and Trust Stores.
Click OK, then update Identity Server.