...
The example shown is sufficient for the case of a bearer assertion, or if the Portlet can authenticate with a TLS client certificate. If a digital signature is required, a <ds:Signature> would appear in the <wsse:Security> header, with references to each SOAP header and the body. Each header would carry a wsu:Id attribute to allow it to be referenced. This is a significantly more complex option to implement, with the advantage of not requiring client TLS support on the IdP.
...
| Include Page | ||||
|---|---|---|---|---|
|