Removing Certs from Metadata

Cantor, Scott cantor.2 at
Mon Nov 28 18:35:20 GMT 2011

On 11/28/11 1:27 PM, "Zmuda, Matthew R" <Matthew.R.Zmuda at> wrote:
>As per our process we install new certs on a fairly regular basis. So it
>would be nice to simply deploy the public cert 1 time to our server and
>have the relaying-party.xml and idp-metadata.xml pick up the change
>without any copy and paste. Not a big deal I suppose.

You shouldn't be using certs that change on a constant basis for SAML. The
idp-metadata.xml file isn't relevant anyway. You would need to deal with
any federation(s) to whom you supply metadata. You can't do that by
changing a local setting. That's yet another reason why it shouldn't be
done often.

-- Scott

More information about the users mailing list