The .NET Fedlet supports the signing of outgoing XML requests such as Authn requests and logout requests.
Import your X.509 certificate to the Personal folder within the Local Computer account using the Certificates Snap-in for the Microsoft Management Console. To use this snap-in, see the following Microsoft article:
Specify a friendly name for this certificate by viewing the Properties dialog and entering a value. (Save this value for Step 4.)
Set the appropriate permissions to allow read access to the certificate for the user account used by Internet Information Server (IIS) as described at the Microsoft article. For example:
In the .NET Fedlet's extended metadata file (sp-extended.xml), specify the friendly name specified in Step 2 as the value for the signingCertAlias attribute. For example:
<Attribute name="signingCertAlias"> <Value>MyFedlet</Value>
In the .NET Fedlet's service provider metadata file (sp.xml), add the KeyDescriptor for the signing key.
Use the Certificates Snap-in for the Microsoft Management Console used earlier to export the public key of your certificate in Base64 encoding to be included in the KeyDescriptor XML block. This KeyDescriptor must be the first child element within the SPSSODescriptor. For example:
<KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate> MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of\+ RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC /FfwWigmrW0Y0Q== </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </KeyDescriptor>
Restart the Application Pool associated with your .NET application.