By: Alex Bublichenko user 03 Dec 2018 at noon CST

1 Response
Alex Bublichenko gravatar
Does Shibboleth bundled with Gluu server support SAML assertion encryption and "holder-of-key" subject confirmation? I am also curious if anyone has set up holder-of-key instead of bearer subject confirmation and what kind of key scheme they found practical (besides x509 certificates)? To add context, I am looking for a federation solution that meets FAL3 as described in https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63c.pdf P.S. Couldn't find answers with quick search here. I am new to this area, so pardon me if it's a repetitive or tiresome question.

By Michael Schwartz staff 03 Dec 2018 at 12:08 p.m. CST

Michael Schwartz gravatar
If Shibboleth supports it, the Gluu Server supports it. If you can't configure something via the oxTrust admin GUI, you can create a "custom template". Please post here if you are able to figure out how to do it!