Service Registration and Security - Secrecy of Passcode
18 views
Skip to first unread message
John Breen
Jun 30, 2014, 9:22:44 AM6/30/14
to cas...@googlegroups.com
Hello Casshib Project,
I have a development implementation of Casshib setup and in reviewing everything I have some questions about the service registration and security. Specifically, the items documented here:
https://code.google.com/p/casshib/wiki/CASShibExplained?ts=1239060016&updated=CASShibExplained#Service_registration_and_security
Why is a passcode required to be secret?
It seems to me that because all services must be registered, then there is no risk of a bogus service creating tickets. Then why is a secret passcode also required? Does it really need to be kept secret?
Knowing the passcode exposes the ticket validator, and it seems to me without knowing the ticket no user attributes would be exposed and knowing the ticket is a hard thing to do. So it is not clear to me why the passcode must remain a secret.
Thanks,
John
I have a development implementation of Casshib setup and in reviewing everything I have some questions about the service registration and security. Specifically, the items documented here:
https://code.google.com/p/casshib/wiki/CASShibExplained?ts=1239060016&updated=CASShibExplained#Service_registration_and_security
Why is a passcode required to be secret?
It seems to me that because all services must be registered, then there is no risk of a bogus service creating tickets. Then why is a secret passcode also required? Does it really need to be kept secret?
Knowing the passcode exposes the ticket validator, and it seems to me without knowing the ticket no user attributes would be exposed and knowing the ticket is a hard thing to do. So it is not clear to me why the passcode must remain a secret.
Thanks,
John
bko...@gmail.com
Jul 2, 2014, 4:05:24 PM7/2/14
to cas...@googlegroups.com
John, it's been a long time now since I originally wrote that code, but the thinking there may have been not so much protecting against bogus unregistered service providers, but preventing two registered legitimate service providers from being able to see each others attributes.
i.e., service 1 may only get 'eduPersonPrincipalName' and service 2 may get a whole lot more than that. We wouldn't want service 1 to act like service 2 and get attributes it shouldn't be getting.
i.e., service 1 may only get 'eduPersonPrincipalName' and service 2 may get a whole lot more than that. We wouldn't want service 1 to act like service 2 and get attributes it shouldn't be getting.
Reply all
Reply to author
Forward
0 new messages