Can SAML tokens be used to exchange symmetric keys?
https://stackoverflow.com/questions/12298300
-
30-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFrage
I would like the client connect to an STS to obtain a SAML token and use it to authenticate it self to a service, but I want the token to contain more information than the standard SAML token, I would also like to avoid using transport level security. In a sense it will be very similar to a kerberos ticket having the session key
is this possible?
Lösung
Yes, definetely possible. I've seen SAML holder-of-key with symmetric encryption being applied in one place.
Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
