Currently, the WS-Fed module uses the realm key for signing SAML tokens. However, in a paper that presents a proof of WS-Fed being secure, one of the requirements is that the key used to sign WS-Fed messages is not used to sign messages from other protocols. To follow this recommendation, we should add an option to use a signing key specific to the client.
When the option is activated, it should generate a private-public key pair for the client (as in the SAML client), but keep the private key inaccessible (as for the realm key). There should also be options to regenerate a new private-public key pair and to import a private-public key pair. Deactivating the option must not erase the key; it should just revert to using the realm key.
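The behaviour requested above, sketched as a small Go model (an added example, not the WS-Fed module's own code, which is Java): the type `SigningKeys` and its methods `Enable`, `Regenerate`, `Import`, `Disable`, `PublicKey` and `Sign` are assumed names, the private keys are never exposed, and disabling the option keeps the client key so a later enable reuses it instead of the realm key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Hypothetical model of the requested option (not the WS-Fed module's own code).
// Private keys sit in unexported fields; callers only get a public key or a signature.
type SigningKeys struct {
	realmKey     *rsa.PrivateKey // realm key, also used by other protocols
	clientKey    *rsa.PrivateKey // WS-Fed-only client key; kept even when disabled
	useClientKey bool
}
func NewSigningKeys(realm *rsa.PrivateKey) *SigningKeys { return &SigningKeys{realmKey: realm} }

// Regenerate replaces the client key pair with a freshly generated one.
func (s *SigningKeys) Regenerate() error {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err == nil {
		s.clientKey = k
	}
	return err
}
// Enable activates the client key, generating a key pair only the first time.
func (s *SigningKeys) Enable() (err error) {
	if s.clientKey == nil {
		err = s.Regenerate()
	}
	s.useClientKey = err == nil
	return err
}
// Import installs an external key pair; Disable reverts to the realm key but keeps the client key.
func (s *SigningKeys) Import(k *rsa.PrivateKey) { s.clientKey = k }
func (s *SigningKeys) Disable()                 { s.useClientKey = false }
func (s *SigningKeys) active() *rsa.PrivateKey {
	if s.useClientKey && s.clientKey != nil {
		return s.clientKey
	}
	return s.realmKey
}

// PublicKey is what relying parties verify against; Sign uses RSA-SHA256 (PKCS#1 v1.5).
func (s *SigningKeys) PublicKey() *rsa.PublicKey { return &s.active().PublicKey }
func (s *SigningKeys) Sign(token []byte) ([]byte, error) {
	d := sha256.Sum256(token)
	return rsa.SignPKCS1v15(rand.Reader, s.active(), crypto.SHA256, d[:])
}
```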