SP CredentialResolver locally signed SSL certificate
Peter Schober
peter.schober at univie.ac.at
Tue Feb 27 12:17:52 EST 2018
* Tom Noonan <tom at joinroot.com> [2018-02-27 17:14]:
> I'm currently using a self-signed certificate for the SP Credential
> resolver, my config for this is the same as the example:
>
> <CredentialResolver type="File" key="/etc/shibboleth/sp.key"
> certificate="/etc/shibboleth/sp.crt"/>
>
> This works fine, I have no login errors. However, I'm not clear on how
> this certificate is used. Am I opening myself up to spoofing attacks by
> using a self-signed certificate for this?
See
https://wiki.shibboleth.net/confluence/display/CONCEPT/TrustManagement
esp. "Inline / Explicit Key Trust Engine"
The formal write-up of this can be found here:
https://wiki.oasis-open.org/security/SAML2MetadataIOP
-peter