List: shibboleth-users
Subject: Re: Global Logout issues with 2-way SSL
From: "Cantor, Scott" <cantor.2 () osu ! edu>
Date: 2014-12-18 18:12:56
Message-ID: C697FD2F-82B4-4AC4-9859-96CDB0B7F5D3 () osu ! edu
Please don't send the same message to two lists.

On 12/18/14, 6:05 PM, "federator" <wpadmin@identiainc.com> wrote:

>There is no way the SP is able to obtain the client's cert. The question
>is, is there any way to define the OpenSAML security policy rule to use
>SP's cert instead of the user cert to process the global logout message?

Brent noted that this was a bug in V2 when I was building the same code in
V3.

> Where is the configuration file that defines
> the OpenSAML's ClientCertAuthRule or how to define the rule
>declaratively?

It's in the DONOTTOUCH sections at the end of the relying-party file in
the security policy chains used by different profiles. The logout one is
using a single policy for both front and back channel messages, and the
client auth rule is there for the back-channel and would have to be turned
off.

-- Scott