Scenario 1: client and server, where the client is itself a server sending a request.
The server may request that the client send a client certificate for validation.
The server validates the client certificate (which may have been assigned by the server).
The server sends its server certificate to the client; the client can validate it (optional).
The client then uses the public key in the server certificate to create a symmetric key and sends it to the server.
The server decrypts the symmetric key using the public key, and both sides exchange data using the symmetric key.

Scenario 2: browser (client) and server (server).
The client then uses the public key in the server certificate to create a symmetric key and sends it to the server.
The server decrypts the symmetric key using the public key, and both sides exchange data using the symmetric key.
SAML: data encryption is carried by the HTTPS layer described above.
Both the IDP and the SP pre-store each other's certificate in metadata (SAML configuration stage).
The IDP and the SP should have each other's certificate.
The SP can still request the IDP certificate to validate the IDP in a request.
The SP can create a symmetric key using the SP private key and encrypt data with this key.
The IDP can decrypt the symmetric key using the SP public key and decrypt the data.
The IDP can request the SP certificate to validate the SP in requests.
The IDP can create a symmetric key using the IDP private key and encrypt data with this key.
The SP can decrypt the symmetric key using the IDP public key and decrypt the data.
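The following is an added example, not code from the original notes, that models both exchanges above (the mutual-certificate TLS handshake and the SP/IDP exchange with pre-stored certificates) on a single set of primitives: a CA-signed certificate that each side validates, a fresh symmetric key wrapped under the recipient's public key, and data exchanged under that key with an integrity tag. The RSA is textbook RSA without padding, the "certificates" are plain dictionaries, and the symmetric cipher is an HMAC-derived keystream; all of these are constructed for illustration and not a real TLS or SAML implementation. One detail worth keeping straight when reading the notes: the wrapped key is decrypted with the recipient's private key, since the sender wrapped it with the matching public key, and the names `server.example`, `client.example` and the 16-byte key length are assumptions of the example.

```python
"""Constructed model of certificate validation, RSA key transport and
symmetric data exchange. Toy primitives only: textbook RSA (no padding) and an
HMAC keystream cipher. Do not reuse for anything real."""
import hashlib
import hmac
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin with a small-prime pre-filter."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def rsa_keypair(bits=512):
    """Return ((e, n), (d, n)): public key first, private key second."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)


def _digest_int(*parts):
    h = hashlib.sha256("|".join(str(p) for p in parts).encode()).digest()
    return int.from_bytes(h, "big")


def issue_cert(ca_priv, subject, pub):
    """CA signs (subject, public key); the certificate is a plain dict here."""
    d, n = ca_priv
    return {"subject": subject, "pub": pub, "sig": pow(_digest_int(subject, pub), d, n)}


def validate_cert(ca_pub, cert):
    """Either side validates the other's certificate against the CA it trusts."""
    e, n = ca_pub
    return pow(cert["sig"], e, n) == _digest_int(cert["subject"], cert["pub"])


def wrap_key(recipient_pub, sym_key):
    """Sender encrypts the symmetric key with the recipient's PUBLIC key."""
    e, n = recipient_pub
    return pow(int.from_bytes(sym_key, "big"), e, n)


def unwrap_key(recipient_priv, wrapped, key_len=16):
    """Recipient recovers the symmetric key with its PRIVATE key."""
    d, n = recipient_priv
    return pow(wrapped, d, n).to_bytes(key_len, "big")


def _subkeys(key):
    return (hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def sym_encrypt(key, plaintext):
    """nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def sym_decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def mutual_session(ca_pub, client_cert, server_cert, server_priv, message):
    """Both sides validate the peer certificate, the client wraps a fresh key
    for the server, the server unwraps it, and the message is carried under it."""
    if not validate_cert(ca_pub, server_cert):   # client validates server
        raise ValueError("server certificate rejected")
    if not validate_cert(ca_pub, client_cert):   # server validates client
        raise ValueError("client certificate rejected")
    sym = secrets.token_bytes(16)
    server_sym = unwrap_key(server_priv, wrap_key(server_cert["pub"], sym))
    return sym_decrypt(server_sym, sym_encrypt(sym, message))


if __name__ == "__main__":
    ca_pub, ca_priv = rsa_keypair()
    srv_pub, srv_priv = rsa_keypair()
    cli_pub, _cli_priv = rsa_keypair()
    srv_cert = issue_cert(ca_priv, "server.example", srv_pub)   # assumed name
    cli_cert = issue_cert(ca_priv, "client.example", cli_pub)   # assumed name
    print(mutual_session(ca_pub, cli_cert, srv_cert, srv_priv, b"SAMLResponse=..."))
```

For the SAML case the only difference is where the certificates come from: `srv_cert` and `cli_cert` would be the SP and IDP certificates loaded from metadata at configuration time rather than sent during the handshake, and the same `validate_cert`, `wrap_key` and `unwrap_key` calls apply in either direction.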