ACS metadata vs custom STS metadata for asymmetric keying


The code for the STS at https://yorkporc.wordpress.com/2013/08/13/making-an-sts-that-responds-to-asymmetric-keying-signed-requests/ exposes metadata for the endpoint to which asymmetric keying RSTRs are sent as

[image]

Note that svcutil cannot generate a configuration for a CustomBinding matching this policy assertion (it requires code), even though the policy has been read:

[image]

In the policy, we do see use of https://yorkporc.wordpress.com/2013/08/08/2-1-mssprsatoken/

However, we note that ACS does not fully expose what it requires when it too responds to such keying requests. For configuration reasons, it pretends not to require the endorsing supporting RSA token. Of course, in practice it does.
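One way to check what a piece of policy metadata actually advertises is to look for an `RsaToken` assertion nested under `EndorsingSupportingTokens` and compare two documents. This is an added example, not code from the post or from ACS; the namespace URIs are assumptions based on the published WS-SecurityPolicy and Microsoft extension namespaces, and both sample policies are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces: WS-SecurityPolicy 1.2 / 1.1, Microsoft extensions, WS-Policy.
SP = ("http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
      "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy")
MSSP = "http://schemas.microsoft.com/ws/2005/07/securitypolicy"
WSP = ("http://schemas.xmlsoap.org/ws/2004/09/policy", "http://www.w3.org/ns/ws-policy")

# Constructed sample: policy that advertises the endorsing RSA token.
POLICY_WITH_RSA = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
            xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
  <wsp:ExactlyOne><wsp:All>
    <sp:EndorsingSupportingTokens>
      <wsp:Policy><mssp:RsaToken wsp:Optional="true"/></wsp:Policy>
    </sp:EndorsingSupportingTokens>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

# Constructed sample: same shape of policy with the assertion left out.
POLICY_WITHOUT_RSA = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne><wsp:All><sp:TransportBinding/></wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""


def endorsing_rsa_tokens(policy_xml):
    """List each mssp:RsaToken nested under an EndorsingSupportingTokens assertion."""
    if "<!DOCTYPE" in policy_xml:  # metadata is remote input: refuse DTDs/entities
        raise ValueError("DOCTYPE not allowed in policy metadata")
    root = ET.fromstring(policy_xml)
    found = []
    for sp in SP:
        for est in root.iter("{%s}EndorsingSupportingTokens" % sp):
            for tok in est.iter("{%s}RsaToken" % MSSP):
                optional = any(tok.get("{%s}Optional" % w) == "true" for w in WSP)
                found.append({"sp_namespace": sp, "optional": optional})
    return found


def metadata_gap(policy_a, policy_b):
    """True when only one of the two documents advertises the endorsing RSA token."""
    return bool(endorsing_rsa_tokens(policy_a)) != bool(endorsing_rsa_tokens(policy_b))


if __name__ == "__main__":
    print(endorsing_rsa_tokens(POLICY_WITH_RSA))
    print(metadata_gap(POLICY_WITH_RSA, POLICY_WITHOUT_RSA))
```

The check only reports what the metadata advertises; whether the service enforces the token at runtime has to be confirmed against the service itself.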

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!