shibboleth-dev - Re: SP and certs
Subject: Shibboleth Developers
List archive
- From: Alistair Young <>
- To: 'Shibboleth Development' <>
- Subject: Re: SP and certs
- Date: Thu, 26 May 2005 16:21:20 +0100
I've got +ExportCertData turned on in apache's ssl.conf but my understanding of what the SP does is very vague. There's no https involved at the SP as far as the browser is concerned. It gets redirected to the wayf, then the IdP and then the SP does an ssl connection to the AA.
Only if mod_ssl exports the cert to the environmentthe local SP environment? the AA is remote though
there's also the clientAuth setting in tomcat to contend with - I suspect it doesn't populate javax.servlet.request.X509Certificate unless it's set to true but that then causes the entire server to demand client certs, which I don't want.
sorry if I sound confused - I am!
thanks,
Alistair
On 26 May 2005, at 16:00, Scott Cantor wrote:
The AA is running on Tomcat behind Apache. Does Apache not "forward"
the cert in the request to Tomcat?
Only if mod_ssl exports the cert to the environment via SSLOptions
+ExportCertData
-- Scott
- SP and certs, Alistair Young, 05/26/2005
- RE: SP and certs, Scott Cantor, 05/26/2005
- Re: SP and certs, Alistair Young, 05/26/2005
- RE: SP and certs, Scott Cantor, 05/26/2005
Archive powered by MHonArc 2.6.16.