Difference between revisions of "File:Imdi handshake.png"
From PDP/Grid Wiki
Jump to navigationJump to search| Line 1: | Line 1: | ||
Method used by the IMDI browser to obtain a certificate: | Method used by the IMDI browser to obtain a certificate: | ||
| − | # | + | # The user goes to a login/initialize function of the IMDI browser (this instructs the tool to create a private-/public keypair and a certificate signing request (CSR)) and... |
| − | # | + | # ...lets the IMDI browser start a web browser... |
| − | # | + | # ...to the SLCS with a hash of the CSR added |
| − | # | + | # The user gets redirected (optionally via a Where Are You From (WAYF)) to an Identity Provider (IdP) for his own institution. |
| − | # | + | # The user logs in at his IdP. |
| − | # | + | # The web browser gets redirected back to the SLCS by the IdP, which informs the user he should go back to his application. |
| − | # | + | # The user now has to instruct the IMDI browser that he is ready, which triggers the IMDI browser to send the full CSR to the SLCS. |
| − | # | + | # This step is transparent for the user: the Online CA signs a new certificate with the eduPersonPrincipalName as subject and SLCS sends it back. The IMDI browser stores this certificate and will be using it together with the private key it has, for client side authentication when setting up new https connections. |
Latest revision as of 15:51, 5 January 2010
Method used by the IMDI browser to obtain a certificate:
- The user goes to a login/initialize function of the IMDI browser (this instructs the tool to create a private-/public keypair and a certificate signing request (CSR)) and...
- ...lets the IMDI browser start a web browser...
- ...to the SLCS with a hash of the CSR added
- The user gets redirected (optionally via a Where Are You From (WAYF)) to an Identity Provider (IdP) for his own institution.
- The user logs in at his IdP.
- The web browser gets redirected back to the SLCS by the IdP, which informs the user he should go back to his application.
- The user now has to instruct the IMDI browser that he is ready, which triggers the IMDI browser to send the full CSR to the SLCS.
- This step is transparent for the user: the Online CA signs a new certificate with the eduPersonPrincipalName as subject and SLCS sends it back. The IMDI browser stores this certificate and will be using it together with the private key it has, for client side authentication when setting up new https connections.
File history
Click on a date/time to view the file as it appeared at that time.
| Date/Time | Thumbnail | Dimensions | User | Comment | |
|---|---|---|---|---|---|
| current | 21:03, 13 October 2009 |  | 811 × 276 (37 KB) | Msalle@nikhef.nl (talk | contribs) | Imdi handshake |
| 17:21, 2 October 2009 |  | 812 × 277 (31 KB) | Msalle@nikhef.nl (talk | contribs) | Reverted to earlier revision | |
| 17:20, 2 October 2009 |  | 812 × 277 (31 KB) | Msalle@nikhef.nl (talk | contribs) | Reverted to earlier revision | |
| 17:20, 2 October 2009 |  | 1,052 × 744 (110 KB) | Msalle@nikhef.nl (talk | contribs) | Reverted to earlier revision | |
| 17:19, 2 October 2009 |  | 812 × 277 (31 KB) | Msalle@nikhef.nl (talk | contribs) | better version | |
| 17:14, 2 October 2009 |  | 1,052 × 744 (110 KB) | Msalle@nikhef.nl (talk | contribs) | png version of imdi browser handshake |
You cannot overwrite this file.
File usage
The following page uses this file:
