Forum Discussion
Eric_Frankenfie
May 02, 2011Nimbostratus
The URL will be https://subdomain.customer.com/atchi/app.cgi
· Data will be encrypted by a Java key store
· Data will then be sent via SSL essentially double encrypting the data
SAML is probably post data, so the stream might look like this:
SSL(HTTP(SAML(SOAP(Java Encryption(App Message)))))
So if we do SSL at the F5, we should see everything down to the SOAP message's cleartext fields, assuming that the "main payload" of the SOAP message is what is encrypted, and that this payload contains the actual app message