Getting a grasp on Heartbleed and IDPs

Wessel, Keith kwessel at
Thu Apr 10 11:53:44 EDT 2014


We've already taken actions on our IDP, but I'm trying to get a full understand of the potential impact while we were vulnerable.

If the IDP's private key was exposed (through connections to Apache connections to 8443), what could a hacker do with it? Could they intercept assertaions from our IDP and decrypt them? In short, what is the IDP key and cert used for?

My apologies if I missed this already discussed on the list. I tried to catch up on things, but I might have overlooked this answer.


-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list