[Code] Encrypting communication between the OP and the RP

Russ Ferrill rferrill at vendorsafe.com
Thu Apr 12 20:04:27 UTC 2012


Hello,

I am implementing an OpenID provider using the DNOA code. I want to be sure that the communication between the OP and the RP is secure. I'm only concerned about authentication requests and authentication responses. As far as I can tell from looking at the code, this is all "indirect" communication accomplished by redirecting the end-user's browser. I want to be sure that the data included in the authentication request and the authentication response is encrypted. In order to accomplish this, do I have to do anything other than make the OP endpoint an HTTPS URL protected by SSL? Would it be a good idea to set the require ssl configuration values to true? Is there anything else specific to the DNOA code that I need to configure or modify in order to support this?
Thanks.

Russ Ferrill