This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
There are several profiles that have the derived keys and secure conversation boxes enabled when they should not be. Please work with Jiandong and Kumar on disabling those options on the appropriate profiles.
Furthermore, when SC is chosen then derived keys should be automatically chosen by default (since there is no performance penalty).
Kumar, Jiandong, please provide more details on this issue.
1. Mutual Certificates Security: No Require Derived Key necessary. 2. SAML Holder of Key: No Require Derived Key necessary. 3. SAML Issued Token with server certificate: No Require Derived Key necessary. 4. Message Authentication With SSL: When Enable Secure Session also check Require Derived Key for Secure Session by default. 5. SSL Authorization Over SSL: Add Enable Secure Conversation. The SecureConversationToken should come up in the SignedSupportToken. Same as the Message Authentication Over SSL case.
Changing to enhancement.
Hi Jiandong, I have the changes for 1-4 in. Would you please attach an example of policy for (5) ? Thanks.