Ok, that helps. Did you use the same certificate for encrypting the proof key in the SAML token?
Thanks
Pablo.

-----Original Message-----
From: Ming Jin [mailto:[email protected]]
Sent: Wednesday, September 30, 2009 2:37 PM
To: [email protected]
Subject: Re: Certificates for Active and Passive STS

We used the single certificate "OPS.com", that makes the configurations and correlations not too complicated. And that's helpful for us to keep focusing on the implementation of Active/Passive STS.

On Wed, Sep 30, 2009 at 6:15 PM, Pablo Cibraro <[email protected]> wrote:

> Do you think it is a good idea to reuse the two existing certificates "BSL.com" for the Passive STS (As this service is running as part of the Online bank according to the specification) and "OPS.com" for the Active STS (as this service is running as part of the broker)?
>
> Thanks
> Pablo.
>
> -----Original Message-----
> From: Pablo Cibraro [mailto:[email protected]]
> Sent: Wednesday, September 30, 2009 2:04 PM
> To: [email protected]
> Subject: Certificates for Active and Passive STS
>
> Hi,
>
> I am currently working on the .NET implementation of the Active and Passive STS for the claim-based security version. We haven't defined yet the X509 certificates that these two services will use to sign the SAML tokens. What certificates are the rest of the implementations using for these services?
>
> Thanks
> Pablo.
>

--
Ming Jin
Consultant
Thoughtworks, Inc
Twitter: https://twitter.com/mingjin
