Metro STS and Sender-Vouches

ss400
By default Metro STS always generates SAML assertions with
holder-of-key subject confirmation.
How do I get STS to generate a SAML assertion with sender-vouches
subject confirmation?
Is there a sample on how to use it?
Clarification for the Sender-Vouch use case (from discussion
http://metro.1045641.n5.nabble.com/Need-clarification-on-SAML-Sender-Vouches-vs-Holder-of-Key-methods-td1060355.html):
"A=end user, B=web service client, C=STS, D=web service
A != B:
B calls C to get an SAML assertion on behalf of A to access D. So B
supplies its own certificate to C as well and also puts the
username/password of A in a sub-element OnBehalfOf in the request
message, C creates an SAML assertion with C's identity in the assertion,
and C also signs the assertion. Then B sends the assertion to D and uses
server's certificate and/or B's certificate to secure the message. This
is Sender-Vouch case."
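
An added example, not part of the original post and not Metro code: a Python check that reads the subject confirmation method out of an assertion an STS has issued, so you can verify whether it is holder-of-key or sender-vouches. Both sample assertions are constructed and trimmed to the Subject, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: SAML 2.0 holder-of-key subject (names are made up).
HOK_SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml2:Subject><saml2:NameID>alice</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
      <saml2:SubjectConfirmationData><ds:KeyInfo><ds:KeyName>client-b</ds:KeyName></ds:KeyInfo></saml2:SubjectConfirmationData>
    </saml2:SubjectConfirmation></saml2:Subject></saml2:Assertion>"""

# Constructed sample: SAML 1.1 sender-vouches subject (no key bound to the subject).
SV_SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:AuthenticationStatement><saml:Subject>
    <saml:NameIdentifier>alice</saml:NameIdentifier>
    <saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation>
  </saml:Subject></saml:AuthenticationStatement></saml:Assertion>"""

def confirmation_methods(assertion_xml):
    """Return [(method, has_key_info), ...], one entry per confirmation method."""
    # ElementTree is fine for these inline samples; parse untrusted XML with defusedxml.
    root = ET.fromstring(assertion_xml)
    found = []
    for ns in (SAML1, SAML2):
        for sc in root.iter("{%s}SubjectConfirmation" % ns):
            # SAML 2.0 carries the URI in a Method attribute, SAML 1.1 in child elements.
            if sc.get("Method"):
                uris = [sc.get("Method")]
            else:
                uris = [(e.text or "").strip() for e in sc.findall("{%s}ConfirmationMethod" % ns)]
            has_key = sc.find(".//{%s}KeyInfo" % DSIG) is not None
            found += [(u.rsplit(":", 1)[-1], has_key) for u in uris]
    return found

def check(assertion_xml, expected):
    """Return a list of problems; an empty list means the assertion matches `expected`."""
    methods = confirmation_methods(assertion_xml)
    problems = [] if methods else ["no SubjectConfirmation present"]
    for name, has_key in methods:
        if name != expected:
            problems.append("method is %s, expected %s" % (name, expected))
        if name == "holder-of-key" and not has_key:
            problems.append("holder-of-key without ds:KeyInfo")
    return problems

if __name__ == "__main__":
    print(check(HOK_SAMPLE, "sender-vouches"))
```
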