Verification of SOAP clients #1

Open
peter- opened this issue Jan 31, 2014 · 1 comment

Comments

@peter-

peter- commented Jan 31, 2014

Background: Use of self-signed certs for securing SAML protocol messages is the recommended model today (based on http://saml2int.org/ which in turn references SAMLMetaIOP, which in section 2.6.1 basically removes the difference between self-signed certs and CA-issued ones by explicitly ruling out PKIX trust path validation).

As such, the method to just disable checking of client certs wholesale in sp_patch.diff seems not appropriate. I'd still want the software to validate the client, but based on public keys in SAML metadata for that SP (the SOAP client), not PKIX trust path validation based on CA certs used for TLS/SSL.
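An added illustration of the check proposed above (example code, not part of this project or of the original comment): the SOAP client's TLS certificate is accepted only if it matches a signing certificate published in that SP's SAML metadata, so no PKIX path validation is involved. The metadata document and the certificate bytes below are constructed placeholders, not real certificates; the `SAMPLE_METADATA`, `SIGNING_DER` and `ENCRYPTION_DER` names are assumptions for this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 metadata and XML Signature KeyInfo
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def metadata_cert_fingerprints(metadata_xml: str) -> set:
    """SHA-256 fingerprints of the DER certificates the SP publishes for signing.
    A KeyDescriptor with no 'use' attribute applies to signing and encryption,
    so it counts; encryption-only keys must not authenticate a client."""
    root = ET.fromstring(metadata_xml)
    fingerprints = set()
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue
        for cert_el in kd.iterfind(".//ds:X509Certificate", NS):
            # Metadata often wraps the base64 body over several lines.
            b64 = "".join((cert_el.text or "").split())
            der = base64.b64decode(b64, validate=True)
            fingerprints.add(hashlib.sha256(der).hexdigest())
    return fingerprints


def client_cert_trusted(metadata_xml: str, presented_der: bytes) -> bool:
    """Accept the TLS client cert only if its exact DER encoding is one of the
    SP's published signing certs (trust pinned to metadata, not to a CA).
    On a live server presented_der would come from getpeercert(binary_form=True)."""
    return hashlib.sha256(presented_der).hexdigest() in metadata_cert_fingerprints(metadata_xml)


# Constructed placeholders: these are not real DER certificates.
SIGNING_DER = b"constructed-placeholder-signing-cert"
ENCRYPTION_DER = b"constructed-placeholder-encryption-cert"


def _b64(der: bytes) -> str:
    return base64.b64encode(der).decode()


# Constructed SP metadata with one signing and one encryption-only KeyDescriptor.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.org/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {_b64(SIGNING_DER)}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_b64(ENCRYPTION_DER)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```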

@pitbulk

pitbulk commented Mar 11, 2014

Thanks for the info.
Olav already told us the same, that the patch may not be applied on a production server.
Only on a testing server where untrusted certs are available.
