SOA Security

Arnal, Pascal Pascal.Arnal at lacapitale.com
Fri Feb 27 12:38:08 EST 2015


And could you please tell me the use of X.509 IDP configuration if it is not usable with the SP?

Thanks


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: February 27, 2015 11:55
To: Shib Users
Cc: Gauthier, Florent; Couture, Dave
Subject: Re: SOA Security

On 2/27/15, 8:55 AM, "Arnal, Pascal" <Pascal.Arnal at lacapitale.com> wrote:

>I will change the approach and if possible I will use x509 auth for the
>application.
>So the scenario will be:
> 1 - The user calls the SP of the application and fills in his credentials
> 2 - The SP of the application redirects the user to the application

I don't know what that means. If you mean SSO via SAML, ok.

> 3 - The application calls the SP of service with X509 cert and User
>HTTP Headers
> 4 - The SP of service redirects the application to the service

I don't know what that means either, but you can't use X.509 with the Shibboleth SP, no. You could sort of use it by using the "back door" feature built-in to the SP to add that as a separate way of getting a session established, I guess. [1]

-- Scott

[1] https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPBackDoor