c# - Use for every Reyling Party seperate client Certificate? -

-

i'm reading on sso , used tutorial http://chris.59north.com/post/2013/04/09/building-a-simple-custom-sts-using-vs2012-aspnet-mvc.aspx creating custom sts.

if understood correct on sts machine installed certificate. reyling party sends thumbprint of x509 signature. relying party accept claims of sts proper certificate. correct?

if so, implement every relying party sending certificate sts sts got installed too. on request sts in trusted relying party list if sent certificate known sts.

is implemention idea , practice? there ressource implement this?

thanks

implementing custom sts hard work. advise have @ windows azure acs or thinktecture free sts starting point.
being said, having separate certificate relying party common practice. however, private key of certificate stored inside database in sts (acs , thinktecture both support this). relying party knows public key. security token (saml2 or jwt) signed acs security token , relying party can use public key (or thumbprint) verify signature. please notice saml2 token can encrypted (next being signed) , can use different certificate that. recommend using seperate certificate sts (or organisation) has kind of website "anybody" can register application relying party. if elying parties "internal" applications @ least consider using single certificate sign security tokens. has advantage can publish (public) key in federation meta data document (located @ federationmetadata/2007-06/federationmetadata.xml). if wish update key, can update there (by first publishing new , old key there , later new key). relying parties can update there keys based on meta data (adfs uses similar approach). bottom line : having seperate certificate per rp having single 1 (for signing - not encryption) easier update.


Comments

Post a Comment

Popular posts from this blog

google api - Incomplete response from Gmail API threads.list -

-
i plot number of emails in inbox on time using gmail api , i'm seeing lot of drop-outs, whatever reason i'm getting incomplete count of messages @ single time points. my plots here: https://plot.ly/~tdsmith/2 -- "drop-outs" i'm complaining trace shoots downwards , recovers previous level @ next timepoint. the code i'm using count emails here: https://github.com/tdsmith/gmail-plotly/blob/master/gmail-plotly.py#l47-l64 what can diagnose these faults?
Read more

Installing Android SQLite Asset Helper -

-
i need use ready made database. search solution on internet did not work until decided use mentioned library found here . however, found hard use library in installation procedures shallow beginners. i appreciate step step procedure on how use android studio. in struggle tried copying sources main/libs , adding line gradle did not work. use api 19 if helps. update here build.gradle // top-level build file can add configuration options common sub-projects/modules. buildscript { repositories { mavencentral() } dependencies { classpath 'com.android.tools.build:gradle:0.11.+' compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+' // note: not place application dependencies here; belong // in individual module build.gradle files } } allprojects { repositories { mavencentral() } } trying compile project error error:(9, 0) no signature of method: org.gradle.api.internal.artifacts
Read more

Qt Creator - Searching files with Locator including folder -

-
one quick question qtcreator : know possible use locator open files using "ctrl-k" shortcut. however, possible search files including locations? for example, let's want locate file named "main.cpp" in folder named "myfolder" , have lots of other main.cpp files. what should type locator in order open ? just type myfolder/main.cpp in locator
Read more