Hi all,
we changed a little bit the way we want to do the delegations. Instead of
using Kerberos tickets (and a KDC) we will use X509 certificates.
I now have a testing CA on the RADIUS server end. After successful
authentication, I make a key pair and corresponding certificate for the
client. I'd like to send those to the service end (as it might act as a
client afterwards). The easiest way seems to be to use SAML assertions
(as those are already used in the liveDVD I use and it works). I can't see
the proper elements to use at first sight, maybe someone can help me.
<saml:Attribute Name="some oid?">
  <saml:AttributeValue> cert. there </saml:AttributeValue>
</saml:Attribute>
but I don't know if it can be done this way. Or I can see
<ds:X509Certificate> in the xmldsig profile, this may be the better way.
Thx
Marcel Poul
On 09/29/2013 03:13 PM, Alan Buxey wrote:
> hi,
>
> an interesting use case but I fear that the client end would have to
> have additional code and functions to perform this request - the RADIUS
> end would ALSO have to have changes to pass the required serviceprincipal
> stuff down to the client within the EAP section.
>
> alan
>
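
Added example, not part of the original message or of any project mentioned in it: a sketch of the <ds:X509Certificate> option raised above, placing the certificate in a holder-of-key SubjectConfirmation and reading it back on the service end. SAML 2.0, the function names and the sample bytes are assumptions; only the certificate is carried, not the private key.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
ET.register_namespace("saml", SAML)
ET.register_namespace("ds", DS)


def pem_to_b64(pem: str) -> str:
    """Strip PEM armor; ds:X509Certificate holds bare base64 DER."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    base64.b64decode(body, validate=True)  # reject non-base64 input early
    return body


def subject_with_cert(name_id: str, cert_pem: str) -> ET.Element:
    """Build a saml:Subject whose holder-of-key confirmation carries the cert."""
    subject = ET.Element(f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = name_id
    conf = ET.SubElement(subject, f"{{{SAML}}}SubjectConfirmation", Method=HOK)
    data = ET.SubElement(conf, f"{{{SAML}}}SubjectConfirmationData")
    key_info = ET.SubElement(data, f"{{{DS}}}KeyInfo")
    x509 = ET.SubElement(key_info, f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = pem_to_b64(cert_pem)
    return subject


def extract_cert_der(xml_text: str) -> bytes:
    """Service end: return the DER bytes of the holder-of-key certificate.

    Call this only after the assertion's signature has been verified.
    """
    root = ET.fromstring(xml_text)
    for conf in root.iter(f"{{{SAML}}}SubjectConfirmation"):
        if conf.get("Method") != HOK:
            continue
        node = conf.find(f".//{{{DS}}}X509Certificate")
        if node is not None and node.text:
            return base64.b64decode("".join(node.text.split()), validate=True)
    raise ValueError("no holder-of-key certificate in assertion")


# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
```
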