Hi All,
I am trying to understand how to specify in the Relying Party Security Policy the authentication method (e.g. username/pwd, X509 certificate, …) a user has to use to authenticate to the IP/STS when requesting security tokens.
I think it is necessary to insert another parameter into the RP’s web.xml file.
I saw in a security policy example a field “Issuer” as follows:
<param-name>Issuer</param-name>
<param-value>shib2.internet2.edu</param-value>
I know the Higgins STS provides some endpoints:
…./services/MetadataX509Token (X509 Authentication)
…/services/MetadataUsernameToken (UsernamePassword Authentication)
and so on.
Is it possible to insert another parameter (for example a MetadataReference parameter that identifies the STS endpoint to be used) to specify the authentication method? Do you know if, adding a parameter like this, CardSpace will properly manage it and select only the cards that meet the required authentication method?
Any ideas?
Thanks in advance.
Best Regards.
============================
Dr. Leonardo Straniero
CRS - Corporate Research
TXT e-Solutions SpA
c/o Tecnopolis N.O.
Strada Prov. per Casamassima Km 3
70010 Valenzano (BA) - Italy