----- Original Message -----
From: "Adam Dong" <adamdong(a)vidder.com>
To: security-dev(a)lists.jboss.org
Sent: Tuesday, October 14, 2014 9:01:15 PM
Subject: [security-dev] How to configure ServiceProviderAuthenticator do HTTP Post or HTTP Redirect?

Hi,
Instead of having to choose SPPostSignatureFormAuthenticator or
SPRedirectSignatureFormAuthenticator, can I just use
ServiceProviderAuthenticator and somehow configure it (in picketlink.xml or
metadata config file) to do post or redirect?

Yes, you can. Please take a look at [1]. You may also check the quickstarts for concrete
examples.

[1] https://docs.jboss.org/author/display/PLINK/Service+Provider+Configuration
[2] https://github.com/jboss-developer/jboss-picketlink-quickstarts

Another question, on SP side, I understand I need to have IDP's cert in my SP
cert store to be able to validate assertion signature, but do I need to have
IDP cert's root CA in my trust store? In other words, does SP side code
(picketlink library) check IDP cert's issuer against SP's trust store?

Yes, validation is performed on both sides. You need the issuer's public key in the
keystore of the verifier.

Thanks,
Adam