SSL, certificates and security with Shibboleth

From RavenWiki
Revision as of 15:36, 12 March 2009 by jw35 (talk | contribs) (Work in progress)

Plain http is insecure: the traffic between the endpoints can be snooped (and altered) in transit, and neither endpoint has any basis for believing anything about the identity of the other. Layering http traffic over SSL (treated as synonymous with TLS for the purposes of this document) protects the traffic in transit and allows one endpoint, and optionally both, to positively identify the other. Implementing SSL typically requires some software, some configuration, and a private key with a corresponding certificate.

In a Shibboleth deployment there are three places where SSL can or must be used:

  • To protect communication directly between an SP and an IdP
  • To protect communication with the special 'Protocol Endpoints' which the SP software responds to automatically and to which the user's browser is directed during authentication
  • To protect general site traffic and, in particular, the cookies that demonstrate that a user has authenticated
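The paragraph above notes that SSL needs a key and a corresponding certificate. As an added illustration (not part of this page and not the Shibboleth software's own key-generation script), the following shell script creates an RSA key and a self-signed certificate with OpenSSL and then performs the two checks worth doing before installing any key/certificate pair: that the certificate really was issued for the private key you are about to deploy, and that it has not already expired. The hostname sp.example.org, the file names and the one-year lifetime are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example for the RavenWiki SSL page; not the page's own text or
# the Shibboleth project's code. Hostname, file names and lifetime are
# illustrative assumptions.
set -e

SP_HOST="sp.example.org"   # assumed hostname of the SP (illustrative)
KEY="sp-key.pem"
CERT="sp-cert.pem"

# Generate a 2048-bit RSA private key and a self-signed certificate for
# SP_HOST in one step. -nodes leaves the key unencrypted so a web server
# can load it without a passphrase; protect it with file permissions.
gen_keypair() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$KEY" -out "$CERT" -days 365 \
        -subj "/CN=$SP_HOST" 2>/dev/null
    chmod 600 "$KEY"
}

# A certificate is only useful together with the private key it was
# issued for. Compare the public key derived from the private key with
# the public key embedded in the certificate; return 0 if they match.
key_matches_cert() {
    k=$(openssl pkey -in "$KEY" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$CERT" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Return 0 if the certificate is valid right now (-checkend 0 fails if
# it has already expired).
cert_is_current() {
    openssl x509 -in "$CERT" -noout -checkend 0 >/dev/null 2>&1
}

# Print the subject CN so it can be compared with the host the SP
# answers on; handles both "CN = x" and "/CN=x" subject formats.
cert_cn() {
    openssl x509 -in "$CERT" -noout -subject | sed 's/.*CN *= *//'
}

# Stand-alone run: generate, then verify.
gen_keypair
if key_matches_cert && cert_is_current; then
    echo "OK: $CERT (CN=$(cert_cn)) matches $KEY and is currently valid"
else
    echo "FAILED: key/certificate mismatch or certificate not valid" >&2
    exit 1
fi
```

The key-matching check catches the common mistake of pairing a renewed certificate with a stale key (the web server will refuse to start, or worse, serve an older pair). A self-signed certificate such as this one is only trusted by parties that have been given it out of band; a browser connecting to the site will not accept it unless the certificate chains to a CA the browser already trusts.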





https://spaces.internet2.edu/display/SHIB/KeysAndCertificates