[OTDev] A&A: precautions against pre-registering resources
Luchesar V. ILIEV luchesar.iliev at gmail.com
Tue Jun 29 16:25:24 CEST 2010
Thanks Andreas,

And it's really the policy service that matters. OpenSSO need not (as far as I can ascertain at the moment) require client certificates for its connections. So, if you can get access to the client certificate from within the policy service, that would be great.

I'm afraid I don't have much experience with programming webservices, but I'll try to educate myself more on the matter as well.

Cheers,
Luchesar

On Tue, Jun 29, 2010 at 16:35, Andreas Maunz <andreas at maunz.de> wrote:
> Luchesar V. ILIEV wrote on 06/29/2010 02:21 PM:
>>
>> So, to summarize, the question is: how easy for the policy service
>> would it be to check the SAN entries in the client certificate used in
>> the SSL/TLS connection against the URL for which a policy is submitted
>> through that secure channel?
>
> I agree SSL is most probably the more sane way. But it is also more
> difficult to set up.
> Currently, the A&A server runs as a virtual machine and SSL connections
> (which are as you know already possible) are currently handled by the host
> machine.
> I would have to forward SSL to the guest machine, where OpenSSO can not be
> switched into "SSL mode" so easily.
>
> Currently I have:
> Tomcat webserver running as webapplication (WAR):
> 1) OpenSSO
> 2) Policy service
>
> Let me check out how this would be possible - the policy service should not
> be the problem.
>
> Best regards
> Andreas
>
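The SAN check asked about in this thread, as an added example (not code from the policy service or from either poster). It assumes a Java webapp that compares the dNSName SAN entries of the client certificate with the host of the submitted resource URL; the class name, method names and sample hosts are hypothetical.

```java
import java.net.URI;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

public class SanPolicyCheck {
    private static final Integer SAN_DNS = 2; // GeneralName tag for dNSName (RFC 5280)

    // sans has the shape returned by X509Certificate.getSubjectAlternativeNames():
    // each entry is [Integer type, value]; null means there is no SAN extension.
    static boolean sanCoversUrl(Collection<List<?>> sans, URI resource) {
        String host = resource.getHost();
        if (sans == null || host == null) return false; // nothing to match on: deny
        host = host.toLowerCase(Locale.ROOT);
        for (List<?> entry : sans) {
            if (entry.size() < 2 || !SAN_DNS.equals(entry.get(0))) continue;
            String name = String.valueOf(entry.get(1)).toLowerCase(Locale.ROOT);
            if (name.equals(host)) return true;
            if (name.startsWith("*.")) { // wildcard covers exactly one left-most label
                String suffix = name.substring(1);
                int dot = host.indexOf('.');
                if (dot > 0 && host.endsWith(suffix) && dot == host.length() - suffix.length()) return true;
            }
        }
        return false;
    }

    // Hypothetical entry point: clientCert would be element 0 of the servlet request
    // attribute "javax.servlet.request.X509Certificate", which is only populated when
    // the container itself terminates TLS and requests a client certificate.
    static boolean certCoversUrl(X509Certificate clientCert, URI resource) throws CertificateParsingException {
        return sanCoversUrl(clientCert.getSubjectAlternativeNames(), resource);
    }

    public static void main(String[] args) {
        List<List<?>> sans = new ArrayList<>(); // constructed SAN entries, not from a real certificate
        sans.add(Arrays.asList(2, "services.example.org"));
        sans.add(Arrays.asList(2, "*.models.example.org"));
        for (String url : new String[] {
                "https://services.example.org/dataset/1",
                "https://tox.models.example.org/model/7",
                "https://a.b.models.example.org/model/7",
                "https://services.example.org.other.example/dataset/1" }) {
            System.out.println(url + " -> " + sanCoversUrl(sans, URI.create(url)));
        }
    }
}
```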