
Problem description

Anyone have a clear explanation of "service communication certificate" vs "token-decrypting certificate" vs "token-signing certificate"?

I know it sounds obvious, right: the "token-decrypting certificate" is the certificate that decrypts the token.

But I'm not the greatest certificate guy. I guess I want a big picture of the order these are set up and what each person is thinking at either end of the communication, and what and where things get installed.

For example:

So I'm setting up the STS and the relying party VMs.

For the STS I installed a certificate with the file name
sts1 signing certificate.pfx

In Geneva server, which is installed on the STS, I'm supposed to configure a pointer to a "token signing certificate", e.g. the certificate I installed earlier.

So my understanding is that to sign a message, the sender who is signing it uses his private key, which is what PFX means to me.

But I am confused because the directions have not told me to install anything on the corresponding relying party side.

I figure I need the public key on the relying party side installed in the certificate store to be able to recompute the hash of the message and do the signature comparison.

Is my logic wrong?

Does this stuff just piggyback with the message?

I guess I'm confused about what a digital signature is in the context of a signed SAML token and WS-Federation.

Thanks!!!

Solution



08-22 15:58