Channel 6 in Figure 7-1, SSL Communication Channels.
To make the communication between Identity Server and a service provider more secure, you must consider the following settings:
Identity Provider Signing Certificate: Select a certificate from the keystore and assign it to the service provider.
Identity Provider Encryption Certificate: Select a certificate from the keystore and assign it to the service provider.
Signing certificate per service provider: When you assign custom certificates to each service provider while configuring Identity Server, ensure that you export these certificates and custom metadata to the service provider. To retrieve the metadata, click the metadata link (available in the note on the Trust page).
For more information, see Configuring Communication Security for a SAML 2.0 Service Provider
NetIQ Access Manager CE 24.2 (v5.1) Administration Guide.
NOTE: These security considerations are also valid when Identity Server acts as a service provider.
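A check that can be run on the exported metadata before it is handed to the service provider, as an added example that is not part of the NetIQ guide: it extracts the signing and encryption certificates from the metadata's KeyDescriptor elements and compares their SHA-256 fingerprints with those of the certificates assigned in Identity Server. The sample metadata, entity ID and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (lowercase hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

# Constructed sample: these byte strings stand in for real DER certificates.
SIGNING_DER = b"constructed-signing-certificate"
ENCRYPTION_DER = b"constructed-encryption-certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_b64(SIGNING_DER)}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_b64(ENCRYPTION_DER)}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def metadata_fingerprints(xml_text: str) -> dict:
    """Map each KeyDescriptor use to the set of fingerprints of its certificates."""
    found = {}
    for kd in ET.fromstring(xml_text).iterfind(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute applies to both purposes.
        uses = [kd.get("use")] if kd.get("use") else ["signing", "encryption"]
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            for use in uses:
                found.setdefault(use, set()).add(fingerprint(der))
    return found

def mismatches(xml_text: str, expected: dict) -> list:
    """Return the uses whose expected fingerprint is absent from the metadata."""
    found = metadata_fingerprints(xml_text)
    return [u for u, fp in expected.items() if fp.lower() not in found.get(u, set())]

if __name__ == "__main__":
    expected = {"signing": fingerprint(SIGNING_DER), "encryption": fingerprint(ENCRYPTION_DER)}
    print(mismatches(SAMPLE_METADATA, expected) or "metadata matches assigned certificates")
```

A non-empty result means the metadata carries a different certificate for that use than the one assigned to the service provider, so assertions signed or encrypted with the assigned certificate would not validate there.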