Does it makes sense to have both SAML Assertion and Mutual SSL
I'm being asked to do this and 开发者_开发问答I think they're both trying to accomplish the same thing. Would it make sense to require both?
Which binding are you using?
I'm assuming SOAP binding based on the nature of your question. If you are signing the Assertion, and mutual auth SSL is using the same private key/certificate, it's not buying you anything. Certainly SSL is good for encryption/privacy - but that could be your standard server SSL/TLS - no need for client SSL.
精彩评论