Prerequisites
Contents
Orbital Lite STS Software
Radius Works Inc. provides the software to the client in an archive file. Contact support@radiusworks.com to obtain it promptly. The current release is v1.923.
License File
Depending on the scenario, a trial or permanent license file may be provided. Note that the permanent license has to be generated based on the server deployment, so this is an additional step in the installation.
Certificate for Web Application
As the Orbital Lite STS application processes potentially restricted information (PII and PHI), it is a requirement that the web site is configured to allow HTTPS only. TLS 1.2 is the recommended protocol, while older versions (TLS 1.0/1.1 and SSL 2/3) should be disabled on the web server.
Currently there is no support for TLS 1.3 in Microsoft servers.
There are no specific requirements on the certificate itself; it can be a self-signed certificate from IIS, issued by an internal PKI, or provisioned by an external Certificate Authority.
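To check a server against the protocol requirement above, the following added example (not part of the Orbital Lite STS distribution) reads the Schannel server-side protocol settings from the registry and compares them with the required state. It assumes a Windows Server host where IIS uses Schannel and the account can read HKLM; the function name `Get-SchannelServerState` is hypothetical.

```powershell
# Added example: audit Schannel server-side protocol settings against the
# requirement above (TLS 1.2 on; SSL 2.0/3.0 and TLS 1.0/1.1 off). Read-only.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired state, taken from the requirement in this section.
$required = [ordered]@{
    'SSL 2.0' = 'Disabled'
    'SSL 3.0' = 'Disabled'
    'TLS 1.0' = 'Disabled'
    'TLS 1.1' = 'Disabled'
    'TLS 1.2' = 'Enabled'
}

function Get-SchannelServerState {
    param([Parameter(Mandatory)][string]$Protocol)
    $key = Join-Path $base "$Protocol\Server"
    # No key or no Enabled value means Windows applies its built-in default.
    if (-not (Test-Path $key)) { return 'OSDefault' }
    $enabled = (Get-ItemProperty -Path $key).PSObject.Properties['Enabled']
    if ($null -eq $enabled) { return 'OSDefault' }
    # Enabled = 0 turns the protocol off; any non-zero DWORD turns it on.
    if ($enabled.Value -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$report = foreach ($name in $required.Keys) {
    $actual = Get-SchannelServerState -Protocol $name
    [pscustomobject]@{
        Protocol  = $name
        Required  = $required[$name]
        Actual    = $actual
        # OSDefault counts as non-compliant: the default differs between
        # Windows versions, so the setting should be made explicit.
        Compliant = ($actual -eq $required[$name])
    }
}

$report | Format-Table -AutoSize
$failed = @($report | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning ("Protocols needing attention: " + ($failed.Protocol -join ', '))
}
```

Changes to these registry values take effect only after the server is restarted.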
Certificate for SAML Signature
The Orbital Lite STS requires a signing certificate for the SAML. This is a general-purpose certificate which has the private key available. As this certificate is used for non-repudiation, it is critical that this certificate be protected. Learn more about generating certificates here.
Certificate for SAML Encryption
Organizations and Service Providers may require that the assertions in the SAML be encrypted. For that purpose, a separate certificate is used to encrypt the data with a public key. The Service Provider would have the private key to decrypt. Your Service Provider typically provides you with the public key. Learn more about generating certificates here.