pp108 : Trust Relation

This topic describes the concept of a trust relation.

A trust relation is established when a service group has a certificate of another service group in its trust store. Currently, only trust relations between service groups, Single Sign-On components, and Web Gateways are useful.

A Single Sign-On component signs SAML assertions. When a service group has a trust relation with the Single Sign-On component, the service group trusts the assertions of that Single Sign-On component to be valid. The service group checks the signature and verifies it with the public key of the certificate. If they do not match, or if the assertions have been changed by a third party, the assertions are rejected.

In a standard Process Platform environment, the monitor certificate signs all other certificates on a computer system where Process Platform is running. A trust relation to a Single Sign-On service group can therefore also be created by adding the monitor certificate that signed the Single Sign-On certificate to the trust store.
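
The check described above, as an added Go example (not Process Platform code): an assertion signed with the Single Sign-On key is accepted when the trust store holds either the Single Sign-On certificate or the monitor certificate that signed it, and rejected otherwise. It assumes constructed Ed25519 certificates, signs the raw assertion bytes rather than a SAML XML signature, and uses Go's `crypto/x509` as a stand-in for the product's trust store; `newCert`, `accepts` and `demo` are illustrative names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert makes a throwaway certificate; a nil parent yields a self-signed CA (the monitor role).
func newCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // errors ignored: inputs are fixed
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// accepts: the signer (or its issuer) must be in the trust store AND the signature must match.
func accepts(signer *x509.Certificate, assertion, sig []byte, trustStore ...*x509.Certificate) bool {
	roots := x509.NewCertPool()
	for _, c := range trustStore {
		roots.AddCert(c)
	}
	_, err := signer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := signer.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, assertion, sig)
}

// demo signs a constructed assertion with the SSO key and evaluates four situations.
func demo() (direct, viaMonitor, emptyStore, tampered bool) {
	monitor, monitorKey := newCert("monitor (constructed)", nil, nil)
	sso, ssoKey := newCert("sso (constructed)", monitor, monitorKey)
	msg := []byte(`<Assertion><Subject>alice</Subject></Assertion>`)
	sig := ed25519.Sign(ssoKey, msg)
	return accepts(sso, msg, sig, sso), // SSO certificate itself is in the trust store
		accepts(sso, msg, sig, monitor), // only the monitor certificate that signed it
		accepts(sso, msg, sig), // empty trust store: no trust relation
		accepts(sso, append(msg, '!'), sig, sso) // assertion changed after signing
}

func main() { fmt.Println(demo()) }
```

Running it prints the four outcomes in the order direct, via monitor, empty store, tampered.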

Related concepts

SAML
Certificate
Trust Store
Key Store
Identity
Private-public Key Pair

Related tasks

Creating a Trust Relation
Adding a Certificate to a Group
Setting a Group as a Default Trust Relation
Adding a New Certificate
Loading a Certificate
Validating a Certificate

Related reference

Types of Certificates

Related information

Managing Service Group Trust Relation
Managing Certificates
Example of SAML Assertions
WS-Security SAML Token