Removing Certs from Metadata

Zmuda, Matthew R Matthew.R.Zmuda at
Mon Nov 28 19:05:29 GMT 2011

What do you mean idp-metadata.xml isn't relevant anyway? IDP still loads in this file in relying-party.xml. And yes I understand we shouldn't be changing certs often. But unfortunately that is out of my control :P

Matthew Zmuda | IT Solutions Developer
DCTS - Online Channels - Authentication and Security
P: 519-667-6052 | F: 519-667-6917

-----Original Message-----
From: users-bounces at [mailto:users-bounces at] On Behalf Of Cantor, Scott
Sent: Monday, November 28, 2011 1:35 PM
To: users at
Subject: Re: Removing Certs from Metadata

On 11/28/11 1:27 PM, "Zmuda, Matthew R" <Matthew.R.Zmuda at> wrote:
>As per our process we install new certs on a fairly regular basis. So it
>would be nice to simply deploy the public cert 1 time to our server and
>have the relying-party.xml and idp-metadata.xml pick up the change
>without any copy and paste. Not a big deal I suppose.

You shouldn't be using certs that change on a constant basis for SAML. The
idp-metadata.xml file isn't relevant anyway. You would need to deal with
any federation(s) to whom you supply metadata. You can't do that by
changing a local setting. That's yet another reason why it shouldn't be
done often.

-- Scott
