Getting a grasp on Heartbleed and IDPs
Liam Hoekenga
liamr at umich.edu
Tue Apr 15 11:01:25 EDT 2014
On Fri, Apr 11, 2014 at 10:43 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> >B) the certificate/keypair use on port 4443 of the idp for back channel
> >interaction
>
> B normally runs on 8443, but certainly isn't limited to that. You have to
> apply generalities to your own deployment.
>
> B is the authentication credential for transport authentication of SOAP.
>
Would it be reasonable to consider using the front channel / browser facing
cert to secure the backchannel?
What would be the downside? (The calling SP would have to have the CA cert
that was being used, right?)
Liam