[OTDev] A&A: precautions against pre-registering resources
Andreas Maunz andreas at maunz.deTue Jun 29 15:35:00 CEST 2010
- Previous message: [OTDev] A&A: precautions against pre-registering resources
- Next message: [OTDev] A&A: precautions against pre-registering resources
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Luchesar V. ILIEV wrote on 06/29/2010 02:21 PM: > So, to summarize, the question is: how easy for the policy service > would it be to check the SAN entries in the client certificate used in > the SSL/TLS connection against the URL for which a policy is submitted > through that secure channel? I agree SSL is most probably the more sane way. But it is also more difficult to set up. Currently, the A&A server runs as a virtual machine and SSL connections (which are as you know already possible) are currently handled by the host machine. I would have to forward SSL to the guest machine, where OpenSSO can not be switched into "SSL mode" so easily. Currently I have: Tomcat webserver running as webapplication (WAR): 1) OpenSSO 2) Policy service Let me check out how this would be possible- the policy service should not be the problem. Best regards Andreas
- Previous message: [OTDev] A&A: precautions against pre-registering resources
- Next message: [OTDev] A&A: precautions against pre-registering resources
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list