We are building SPS in our enterprise and are looking at various means to secure SPS to Application communication. Since the solution is for internal apps only so we dont have any firewall between SPS and Appservers.
Is setting SSL between SPS and AppServer enough to secure communication or would client cert authentcation need to be configured. What are the various approaces that others have followed. Can someone please shed some light on this . What we want to avoid is a direct access to the application if someone gets hold of the servers and mimics the headers that siteminder sends to the App.