Closed christophebourguignon closed 9 years ago
Every RP should use SSL. And you need a different cert for that (unless it is a wildcard SSL cert).
Thanks. There is an option "Require Token Encryption". Isn't it enough to encrypt the token to the RP without using SSL ?
no SSL is not only about encryption. I can still replay an encrypted token e.g.
Thanks for your help.
Hi,
I am using the Identity Server under SSL and i would like to add a SharePoint RP. Does this RP need to run under SSL too ? In the affirmative may I use the same certificate as the Identity Server ? What's the best practice ?
Thanks