
I need to resolve an OpenSAML artifact with an IDP that is SSL enabled. For this, the artifact, a random string generated at the IDP and sent to the SP via the web channel, is sent back to the IDP in a web service call to get the assertion; basically the assertion is metadata about the user. For this I am using this article.

It is a good article, but it lacks the most important aspect: the SSL part. I have a set of public keys of the IDPs that I would like to communicate with. The SOAP client builder requires the SSLSocketFactory in order to communicate over HTTPS. But I don't know what steps I need to follow. How do I create the key manager and trust manager? How would my trust manager decide which public key to use at run time?

Please help

Chris
  • Take a look at this post : http://stackoverflow.com/questions/875467/java-client-certificates-over-https-ssl – nadirsaghar Jun 03 '13 at 04:31
  • In production servers I need to create the truststore/keystore automatically through code. I need to pick up all my public keys from the database at application startup and use the aggregated keystore. However, my doubt is whether my approach is correct. If yes, how will the OpenSAML socket factory (I am using TLSProtocolSocketFactory) identify which public key to use for which IDP? Will it take care of things internally, or do I have to take care of things explicitly? Please bear with me, I am a little new to all this security stuff. – vinay jalalpuram Jun 03 '13 at 12:44
  • The Java truststore, as the name suggests, holds all the public keys that the application should trust. A server is trusted when a public-key certificate is found in the truststore. This is taken care of internally; you don't need to worry about that. All you need to do is make sure that the public keys of all the IDPs are imported correctly. – nadirsaghar Jun 04 '13 at 00:36
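The approach the comments describe (one in-memory truststore built at startup from every IDP's public-key certificate, with the JSSE trust manager doing the matching against whatever chain the server presents), as an added Java example that is not from the question, the linked post or OpenSAML itself. It uses only JDK classes. The class and method names are hypothetical; it assumes the certificates arrive from the database as DER or PEM bytes (the demo in `main` substitutes a few CA certificates taken from the JDK's own `cacerts` file, default password `changeit`, as stand-in database rows; that path and password are assumptions about the local JDK).

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical helper: builds the trust side (and optionally the key side) of a TLS context at startup. */
public class IdpTrustStoreBuilder {

    /**
     * Build an in-memory truststore from X.509 certificates keyed by alias.
     * CertificateFactory accepts both DER and PEM ("-----BEGIN CERTIFICATE-----") input,
     * so PEM text from the database can be passed as pem.getBytes(StandardCharsets.US_ASCII).
     */
    public static KeyStore buildTrustStore(Map<String, byte[]> certsByAlias) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // null stream = a fresh, empty keystore; nothing is read from disk
        for (Map.Entry<String, byte[]> row : certsByAlias.entrySet()) {
            X509Certificate cert =
                (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(row.getValue()));
            cert.checkValidity(); // fail fast at startup on an expired or not-yet-valid IDP certificate
            ts.setCertificateEntry(row.getKey(), cert); // trusted-certificate entry, no private key
        }
        return ts;
    }

    /** The trust manager checks the server's presented chain against every entry in the truststore. */
    public static X509TrustManager trustManagerFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /**
     * Key managers hold the SP's own private key and certificate, used only if the IDP demands a
     * client certificate (mutual TLS). Passing null means "no client certificate".
     */
    public static KeyManager[] keyManagersFor(KeyStore clientKeyStore, char[] keyPassword) throws Exception {
        if (clientKeyStore == null) {
            return null;
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeyStore, keyPassword);
        return kmf.getKeyManagers();
    }

    /** Combine key and trust managers into the SSLSocketFactory the SOAP client builder asks for. */
    public static SSLSocketFactory socketFactory(KeyManager[] kms, X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, new TrustManager[] { tm }, null);
        return ctx.getSocketFactory();
    }

    /** Demo: DER bytes of a few CA certificates from the JDK's cacerts stand in for database rows (constructed input). */
    public static void main(String[] args) throws Exception {
        Map<String, byte[]> rows = new LinkedHashMap<String, byte[]>();
        KeyStore cacerts = KeyStore.getInstance(KeyStore.getDefaultType());
        String path = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString();
        try (FileInputStream in = new FileInputStream(path)) {
            cacerts.load(in, "changeit".toCharArray()); // assumed default JDK truststore password
        }
        Enumeration<String> aliases = cacerts.aliases();
        while (aliases.hasMoreElements() && rows.size() < 3) {
            String alias = aliases.nextElement();
            if (cacerts.isCertificateEntry(alias)) {
                rows.put("idp-" + alias, cacerts.getCertificate(alias).getEncoded()); // getEncoded() = DER
            }
        }
        KeyStore ts = buildTrustStore(rows);
        X509TrustManager tm = trustManagerFor(ts);
        SSLSocketFactory sf = socketFactory(keyManagersFor(null, null), tm);
        System.out.println("trusted issuers loaded: " + tm.getAcceptedIssuers().length);
        System.out.println("socket factory: " + sf.getClass().getName());
    }
}
```

Two points worth checking against your own setup. First, as the comment says, no per-IDP selection is needed: the trust manager accepts any server whose certificate chain validates against some entry in the truststore, so one aggregated truststore covers all IDPs. Second, trusting the certificate is not the same as checking that it belongs to the host you dialled; an `SSLContext` on its own does not perform hostname verification for raw sockets, so confirm that whatever HTTP layer your SOAP client uses verifies the hostname (or set `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` on the socket where you control it), otherwise a certificate trusted for one IDP would be accepted when presented by another. If your OpenSAML version's `TLSProtocolSocketFactory` takes an `X509KeyManager` and an `X509TrustManager` rather than an `SSLSocketFactory`, hand it the objects produced by `keyManagersFor` and `trustManagerFor` above instead; check the constructor signature for the version you have.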

0 Answers