Getting a grasp on Heartbleed and IDPs

Cantor, Scott cantor.2 at
Fri Apr 11 11:47:25 EDT 2014

On 4/11/14, 11:30 AM, "Dave Perry" <Dave.Perry at> wrote:

>The 2 SPs are configured to talk to our IdP - which is under tomcat which
>is behind Apache with OpenSSL 0.9.8something.
>They've never touched any other IdP in their existence.

There's also metadata fetches. I haven't come up with anything else the SP
contacts, unless you do unusual things with it (fetching remote CRLs or
config files), but I haven't really crawled every line of code.

Since some people do firewall off their SP servers, I think it's likely
that I'm not overlooking anything outbound.

-- Scott

More information about the users mailing list