I’m being asked to do this and I think they’re both trying to accomplish the same thing. Would it make sense to require both?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m being asked to do this and I think they’re both trying to accomplish the same thing. Would it make sense to require both?
Which binding are you using?
I’m assuming SOAP binding based on the nature of your question. If you are signing the Assertion, and mutual auth SSL is using the same private key/certificate, it’s not buying you anything. Certainly SSL is good for encryption/privacy – but that could be your standard server SSL/TLS – no need for client SSL.