Thanks Nandana for the reply! OK I understand it like this: On clientside, when I recieve the token, I set the private key of the client as secret. But what must I set on the STS-side as secret for the token? There I have also the token before I send it to the client. Must I set there also a secret?
I have following problem when authenticating with the token at a normal service: After I get the token from the STS, I put the token on the clientside into the security header for the next service call to authenticate but on the serverside I get the problem that the signature verification fails. Greetings Chris ----- original Nachricht -------- Betreff: Re: Entropy for PublicKey ADDITION!!!! Gesendet: Mo, 28. Jan 2008 Von: Nandana Mihindukulasooriya<[EMAIL PROTECTED]> > Hi Chris, > IFAIK, If you use PublicKey as the key type and the holder of key > subject confirmation method, > the public key of certificates you used to sign the messages to STS will be > used as the Public > key. So you can set the private key of that certificate as the secret of > the token. > > Thanks, > Nandana > > On Jan 23, 2008 6:34 PM, Christian Mielke <[EMAIL PROTECTED]> wrote: > > > Hi! > > I must add that I want to use PublicKey as KeyType and I want to use > > ServerEntropy. Is this possible? But I have read that when Public Key is > > used, no ProofToken will be sent in the TokenResponse. When I then get > the > > Token on the client side and I have it as object I must use the " > > Token.setSecret-Method". But which secret shall I set there? > > > > Greetings > > Chris > > > > > > ----- original Nachricht -------- > > > > Betreff: Entropy for PublicKey > > Gesendet: Mi, 23. Jan 2008 > > Von: Christian Mielke<[EMAIL PROTECTED]> > > > > > Hi! > > > I want to issue SAML tokens with my token service. For KeyType I want > to > > use > > > PublicKey and not SymmetricKey. When I want to use PublicKey, does the > > > client have to send an entropy? And if yes, which one? A random > > generated or > > > generated out of his certificate? > > > With kind regards > > > Christian > > > > > > > --- original Nachricht Ende ---- > > > > > > > -- > Nandana Mihindukulasooriya > Software Engineer > WSO2 inc. > > http://nandana83.blogspot.com/ > http://nandanasm.wordpress.com/ > --- original Nachricht Ende ----
