This section covers the viewpoint of a site administrator who wants to receive signed SAML data from a Trusted Affiliate. At this point, you are configuring properties relating to the receiving half of the SAML relationship. Assume that you have a SAML trust relationship with another site, and that the site digitally signs the SAML assertions it sends to you.

This panel allows the SAML Site administrator to specify which SSL certificates are trusted by the system. When the SAML extension server loads its configuration from the directory, each Trusted Affiliate's Secure SAML Communication certificate is read. These certificates are added to the Java Virtual Machine (JVM) Trust Store. When the SAML extension server generates an outbound SSL request, the received SSL Server Certificate is checked against the certificates stored in the JVM Trust Store.

If the provided SSL Client Certificate exists in its Trusted Roots container, iChain trusts the certificate; likewise, if the provided SSL Client Certificate was signed by a CA that is in the Trusted Roots container, iChain trusts the certificate. If neither the client certificate nor its CA is found in iChain's Trusted Roots container, the SSL Client Certificate is rejected and the connection is closed.

Zero-trust networking abandons the traditional security model of allowing application communications based on "trusted" addresses. Traditional address-centric firewalls allow malicious communications to piggyback on allowed network policies because they lack visibility beyond primitive network attributes. It works by looking beyond network addresses, instead validating the secure identity of the applications, users, and hosts controlling those addresses. With Edgewise, security teams enable true business agility while protecting mission-critical cloud and data center applications.