[security-dev] How to configure ServiceProviderAuthenticator do HTTP Post or HTTP Redirect ?

Adam Dong adamdong at vidder.com
Tue Oct 14 20:01:15 EDT 2014


Instead of having to choose SPPostSignatureFormAuthenticator or SPRedirectSignatureFormAuthenticator, can I just use ServiceProviderAuthenticator and somehow configure it (in picketlink.xml or the metadata config file) to do POST or redirect?

Another question: on the SP side, I understand I need to have the IDP's cert in my SP cert store to be able to validate the assertion signature, but do I need to have the IDP cert's root CA in my trust store? In other words, does the SP-side code (the PicketLink library) check the IDP cert's issuer against the SP's trust store?


