
shibboleth-dev - Re: Encryption key strategies

Subject: Shibboleth Developers

  • From: "Reimer Karlsen-Masur, DFN-CERT" <>
  • To:
  • Subject: Re: Encryption key strategies
  • Date: Thu, 22 Jun 2006 15:45:02 +0200

Chad La Joie wrote:
> You should probably take a look at the SAML 2 Core spec for a more
> in-depth description of encryption and its usages but I'll try to give
> general answers to your questions.

Thanks!

> Reimer Karlsen-Masur, DFN-CERT wrote:
...
>> Is there always a https tunnel with (strong) encryption between these
>> parties anyway?
>
> Nope, not in the case where there are intermediate systems between the
> IdP and SP.

I was under the impression that Shib IdP and SP (and their components AAR
and shibd) were always talking directly to each other (once the part with
the WAYF server involvement was over). How is an architecture set up that has
one or more intermediate systems between IdP and SP? Are there any proxies
or load balancers between them? Or can this only happen if one is not using
the Internet2 implementation of Shibboleth?

--
Beste Gruesse / Kind Regards

Reimer Karlsen-Masur
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), DFN-CERT Services GmbH
https://www.dfn-cert.de, +49 40 808077-615 / +49 40 808077-555 (Hotline)
PGP RSA/2048, 1A9E4B95, A6 9E 4F AF F6 C7 2C B8 DA 72 F4 5E B4 A4 F0 66

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



