Does Metro WS-Security implementation relies on SubjectKeyIdentifier certificate extension?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Does Metro WS-Security implementation relies on SubjectKeyIdentifier certificate extension?

gchoi
Hello Metro Team,

  I have heard that Metro WS-Security implementation relies on the SubjectKeyIdentifier certificate extension by default to reference public keys in SOAP headers. Could you confirm if SubjectKeyIdentifier extension is mandatory for a certificate to work with Metro2.2?
  The reason that I am asking is, that I use metro client and service, but my STS is ADFS2.0. When I looked at ADFS2.0 encryption certificate, it doesn't have SubjectKeyIdentifier extension and I don't know if I have control on that?
  Could you suggest any alternatives? I can use either PublicKey or SymmetricKey.

Thanks.