[security-dev] How to configure ServiceProviderAuthenticator do HTTP Post or HTTP Redirect ?
Adam Dong
adamdong at vidder.com
Tue Oct 14 20:01:15 EDT 2014
Hi,
Instead of having to choose SPPostSignatureFromAuthenticator or SPRedirectSignaturFormAuthenticator, can I just use ServiceProviderAuthenticator and somehow configure it (in picketlink.xml or metadata config file) to do post or redirect ?
Another question, on SP side, I understand I need to have IDP's cert in my SP cert store to be able to validate assertion
signature, but do I need to have IDP cert's root CA in my trust store ? In other words, does SP side code (picketlink library)
check IDP cert's issuer against SP's trust store ?
Thanks,
Adam
More information about the security-dev
mailing list