Removing Certs from Metadata

Zmuda, Matthew R Matthew.R.Zmuda at td.com
Mon Nov 28 13:57:40 GMT 2011


I suppose I may be misunderstanding something.
The issue I have is that we don't want to have the production certs sitting around in source control... or having developers have access to the production certs/metadata.

How would a production deployment happen then? I suppose we would deploy our application without the IdP metadata, then manually add it after.


Matthew Zmuda | IT Solutions Developer
DCTS - Online Channels - Authentication and Security
P: 519-667-6052 | F: 519-667-6917


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Tom Scavo
Sent: Monday, November 28, 2011 8:49 AM
To: Shib Users
Subject: Re: Removing Certs from Metadata

On Mon, Nov 28, 2011 at 8:43 AM, Zmuda, Matthew R
<Matthew.R.Zmuda at td.com> wrote:
> What are my options for removing the inline X509Certificate from IDP
> metadata?
>
> I looked through the schemas and didn't notice any ways to load from file,
> or some other way so I don't have to use inline certs in metadata.

The trusted certificates in metadata are meant to be used in
cross-domain fashion so accessing them from the file system is not an
option. I think you're misunderstanding the uses of certificates in
metadata.

Tom