Saml令牌 [英] Saml token

问题描述

我可以不签名就创建一个saml令牌吗?
我需要序列化和反序列化令牌(WCF客户端<->服务交互)，但是我不需要签名也不需要加密.

Can I create a saml token without signing it?
I need to serialize and deserialize the token (WCF client <--> service interaction), but I do not need the signature nor the encryption.

推荐答案

AFAIR ，您不能，这是设计使然./

您确实需要签名和加密，才能使SAML令牌有用.没有签名和加密，就无法信任SAML令牌，而它们的目的就是安全性.

AFAIR, You can''t, and this is by design./

You do need both the signing and the encryption, for the SAML token to be useful. Without both signing and encryption, you cannot trust the SAML token, and the purpose of these is security.

这篇关于Saml令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！