[英]SAML + web service client + client certificate
I need help reqarding SAML and WS-Security architecture (or possibly completely different standards?).我需要有关 SAML 和 WS-Security 架构(或可能完全不同的标准?)的帮助。
I have following platform-independent scenario which I need to secure using client certification authentication.我有以下独立于平台的场景,我需要使用客户端认证身份验证来保护这些场景。 Scenario is not-interactive, only web service client is involved (1).
场景非交互,仅涉及 web 服务客户端(1)。
(1) WS client -> (2) WS's on Service Provider (SP) -> (3) Identity provider (IdP) (1) WS 客户端 -> (2) WS 上的服务提供者 (SP) -> (3) 身份提供者 (IdP)
My question is how exactly this scenario could be covered with security standards such as SAML, WS-Trust or other.我的问题是如何使用 SAML、WS-Trust 或其他安全标准来涵盖此场景。
Thanks谢谢
Pretty much any "federation" protocol could be used - OIDC, SAML, WS-Fed, WS-Trust... Take your pick.几乎可以使用任何“联合”协议——OIDC、SAML、WS-Fed、WS-Trust……任你选择。
Of the protocols listed... Only WS-Trust would work slightly different... In WS-Trust, depending on who actually the SP and IdP are, the SP could ask the browser to present a certificate that the SP could ask the IdP in an STS call to authenticate.在列出的协议中...只有 WS-Trust 的工作方式略有不同...在 WS-Trust 中,根据 SP 和 IdP 的实际身份,SP 可以要求浏览器提供证书,SP 可以要求 IdP在 STS 调用中进行身份验证。 This would only work if both the IdP and SP were configured to trust the same specific CA.
这仅在 IdP 和 SP 都配置为信任相同的特定 CA 时才有效。 This would result in not getting bounced from SP to IdP and back.
这将导致不会从 SP 退回到 IdP 并返回。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.