commercial cert for idp

Paul Hethmon paul.hethmon at clareitysecurity.com
Thu Dec 19 11:47:12 EST 2013


You are referring to the certificate used to sign the SAML Responses to the SP (vendor)?

If so, my suggestion is to tell them to go suck an egg. Buying a certificate signed by a CA adds no security to the self-signed certificate you have now. They should be exchanging metadata with you by an out of band procedure. Trust is established by that procedure, not by buying a certificate.

Paul


From: <Qian>, Yi <yqian at ku.edu>
Reply-To: Shibboleth Users <users at shibboleth.net>
Date: Thursday, December 19, 2013 11:38 AM
To: Shibboleth Users <users at shibboleth.net>
Subject: commercial cert for idp

We have a Shibboleth IdP with a self-signed certificate, federated with many SPs, but recently a vendor requires us to use a commercial certificate for the federation.
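
The trust model described in the reply above, as an added example that is not part of the original thread: the SP accepts the IdP signing certificate because its fingerprint matches one confirmed over an out-of-band channel, and the issuer is never consulted. The entityID, the stand-in certificate bytes and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-in for the DER bytes of an IdP signing certificate.
# Only the exact bytes matter to the check, so no real certificate is needed.
SAMPLE_DER = b"constructed stand-in for IdP signing certificate DER"

# Constructed sample metadata; the entityID is hypothetical.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.edu/idp/shibboleth">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % base64.b64encode(SAMPLE_DER).decode()


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def signing_fingerprints(metadata_xml: str) -> list:
    """Fingerprints of every IdP certificate usable for signing."""
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # skip encryption-only keys
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            found.append(fingerprint(der))
    return found


def metadata_matches_pin(metadata_xml: str, pinned: str) -> bool:
    """True if the metadata carries the fingerprint confirmed out of band.
    Issuer and CA chain are never consulted: self-signed and CA-issued
    certificates pass or fail on exactly the same comparison."""
    want = pinned.replace(":", "").strip().lower()
    return any(hmac.compare_digest(fp, want)
               for fp in signing_fingerprints(metadata_xml))
```

The pinned value would be the fingerprint read back over a separate channel (phone, signed mail) when the metadata is exchanged; both colon-separated and plain hex forms are accepted.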

