IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

SSL: best practice #828

Closed christophebourguignon closed 9 years ago

christophebourguignon commented 9 years ago

Hi,

I am using the Identity Server under SSL and I would like to add a SharePoint RP. Does this RP need to run under SSL too? In the affirmative, may I use the same certificate as the Identity Server? What's the best practice?

Thanks

leastprivilege commented 9 years ago

Every RP should use SSL. And you need a different cert for that (unless it is a wildcard SSL cert).

christophebourguignon commented 9 years ago

Thanks. There is an option "Require Token Encryption". Isn't it enough to encrypt the token to the RP without using SSL?

leastprivilege commented 9 years ago

No, SSL is not only about encryption. I can still replay an encrypted token, e.g.
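
The replay point in the comment above, as an added example that is not part of the original thread or of IdentityServer's code: a relying party that decrypts and validates an encrypted token accepts a byte-for-byte copy of it a second time unless it also tracks token IDs. Every name here (`seal`, `open_token`, `RelyingParty`, the claim fields) is hypothetical, and the cipher is a stdlib-only toy standing in for real token encryption.

```python
import hashlib, hmac, json, os, time

KEY = os.urandom(32)  # constructed key, stands in for the RP's decryption key

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(claims, key=KEY):
    """STS side: encrypt a token to the RP (toy encrypt-then-MAC, illustration only)."""
    nonce, pt = os.urandom(16), json.dumps(claims).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_token(blob, key=KEY):
    """RP side: verify integrity, then decrypt."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class RelyingParty:
    def __init__(self, replay_detection):
        self.replay_detection = replay_detection
        self.seen = {}  # token id -> expiry time

    def accept(self, blob, now=None):
        now = time.time() if now is None else now
        claims = open_token(blob)
        if claims["exp"] <= now:
            return False  # expired
        if self.replay_detection:
            # Forget expired entries, then reject any token id already presented.
            self.seen = {k: v for k, v in self.seen.items() if v > now}
            if claims["id"] in self.seen:
                return False
            self.seen[claims["id"]] = claims["exp"]
        return True

def demo():
    now = 1_000_000  # constructed clock value
    token = seal({"id": "token-1", "sub": "alice", "exp": now + 300})
    captured = bytes(token)  # ciphertext as seen on a plain-HTTP hop; never decrypted
    naive, guarded = RelyingParty(False), RelyingParty(True)
    return (naive.accept(token, now), naive.accept(captured, now + 60),
            guarded.accept(token, now), guarded.accept(captured, now + 60),
            guarded.accept(captured, now + 301))
```

A replay cache only rejects the second presentation; without SSL the copy can still arrive first, and the session cookie the RP issues after sign-in travels in the clear as well.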

christophebourguignon commented 9 years ago

Thanks for your help.