Allowing IdPs to use a fingerprint

br1003 (New Member)
Hi,

I'm creating a service provider. Is it possible to have the IdPs that will be using our system use a SHA-1 fingerprint of the certificate instead of the full certificate? It would be stored in the database. Just makes it a little easier to work with the shorter string.

Thanks

ComponentSpace (ComponentSpace Development)
Do you mean you want to store the partner IdP certificates in your database as SHA-1 fingerprints rather than the entire certificate?

The actual certificate is required to perform signature verification. The fingerprint is only good for identifying a certificate that's stored elsewhere (eg file system or Windows certificate store).

Most implementations that store the SAML configuration in a database store the certificates as base-64 encoded strings.

Regards
ComponentSpace Development
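
An added example, not from ComponentSpace or the original posts, illustrating the answer above with .NET base class library calls only (.NET 5 or later assumed): the certificate stored as a base-64 string verifies a signature, while its SHA-1 fingerprint serves only as a lookup key. The self-signed certificate, the subject name idp.example.test, the sample payload and the in-memory dictionary standing in for the database are all constructed for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class PartnerCertificateDemo
{
    static void Main()
    {
        // Constructed stand-in for a partner IdP: a throwaway self-signed certificate.
        using RSA idpKey = RSA.Create(2048);
        var request = new CertificateRequest("CN=idp.example.test", idpKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 idpCert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));

        // Hypothetical SP "database": fingerprint -> public certificate as base-64 DER.
        var partnerCerts = new Dictionary<string, string>
        {
            [idpCert.Thumbprint] = Convert.ToBase64String(idpCert.Export(X509ContentType.Cert))
        };

        // IdP side: sign constructed sample bytes (stand-in for a signed SAML message).
        byte[] message = Encoding.UTF8.GetBytes("constructed sample payload");
        byte[] signature = idpKey.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // SP side: the fingerprint only selects the row; the stored certificate does the work.
        string fingerprint = idpCert.Thumbprint;
        using var stored = new X509Certificate2(Convert.FromBase64String(partnerCerts[fingerprint]));
        using RSA publicKey = stored.GetRSAPublicKey();
        bool valid = publicKey.VerifyData(message, signature,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($"Signature verified with stored certificate: {valid}");

        // A modified message must fail verification against the same certificate.
        message[0] ^= 0x01;
        bool tampered = publicKey.VerifyData(message, signature,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($"Modified message verified: {tampered}");

        // The fingerprint is SHA-1 over the certificate's DER bytes: a 20-byte digest
        // that contains no public key, so it cannot verify anything by itself.
        string recomputed = Convert.ToHexString(SHA1.HashData(stored.RawData));
        Console.WriteLine($"SHA-1 fingerprint: {recomputed} (matches Thumbprint: {recomputed == fingerprint})");
    }
}
```
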

br1003 (New Member)
ComponentSpace - 1/23/2020
Do you mean you want to store the partner IdP certificates in your database as SHA-1 fingerprints rather than the entire certificate?

The actual certificate is required to perform signature verification. The fingerprint is only good for identifying a certificate that's stored elsewhere (eg file system or Windows certificate store).

Most implementations that store the SAML configuration in a database store the certificates as base-64 encoded strings.

Yes, I meant only using the SHA-1 fingerprint.

Isn't the IdP's certificate included in the SAML Request from the IdP? Couldn't the SHA-1 be generated from that and compared to what's stored in the SP's database?

Thanks for the response!

br1003 (New Member)
br1003 - 1/23/2020
ComponentSpace - 1/23/2020
Do you mean you want to store the partner IdP certificates in your database as SHA-1 fingerprints rather than the entire certificate?

The actual certificate is required to perform signature verification. The fingerprint is only good for identifying a certificate that's stored elsewhere (eg file system or Windows certificate store).

Most implementations that store the SAML configuration in a database store the certificates as base-64 encoded strings.

Yes, I meant only using the SHA-1 fingerprint

Isn't the IdP's certificate included in the SAML Request from the IdP? Couldn't the SHA-1 be generated from that and compared to what's stored in the SP's database?

Thanks for the response!

Actually I'm a dummy. Forget I asked!

Thanks again!

ComponentSpace (ComponentSpace Development)
No worries. Thanks.

Regards
ComponentSpace Development