[OTDev] A&A: precautions against pre-registering resources
Andreas Maunz andreas at maunz.deTue Jun 29 16:40:16 CEST 2010
- Previous message: [OTDev] A&A: precautions against pre-registering resources
- Next message: [OTDev] A&A: precautions against pre-registering resources
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Luchesar V. ILIEV wrote on 06/29/2010 04:25 PM: > And it's really the policy service that matters. OpenSSO need not (as > far as I can ascertain at the moment) require client certificates for > its connections. Ah, ok. That's nice to hear. :-) Yes, it makes sense to primarily target the policy service. > So, if you can get access to the client certificate from within the > policy service, that would be great. I'm afraid I don't have much > experience with programming webservices, but I'll try to educate > myself more on the matter as well. My approach would be to forward the appropriate SSL traffic directly the policy webservice. The webserver there could then do anything with it, also checking the client certificate. Just the basic idea, but I'll investigate the possibilities. Greetings Andreas
- Previous message: [OTDev] A&A: precautions against pre-registering resources
- Next message: [OTDev] A&A: precautions against pre-registering resources
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list