Removing Certs from Metadata

Zmuda, Matthew R Matthew.R.Zmuda at td.com
Mon Nov 28 19:05:29 GMT 2011


What do you mean idp-metadata.xml isn't relevant anyway? IDP still loads in this file in relying-party.xml. And yes I understand we shouldn't be changing certs often. But unfortunately that is out of my control :P


Matthew Zmuda | IT Solutions Developer
DCTS - Online Channels - Authentication and Security
P: 519-667-6052 | F: 519-667-6917


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Monday, November 28, 2011 1:35 PM
To: users at shibboleth.net
Subject: Re: Removing Certs from Metadata

On 11/28/11 1:27 PM, "Zmuda, Matthew R" <Matthew.R.Zmuda at td.com> wrote:
>
>As per our process we install new certs on a fairly regular basis. So it
>would be nice to simply deploy the public cert 1 time to our server and
>have the relying-party.xml and idp-metadata.xml pick up the change
>without any copy and paste. Not a big deal I suppose.

You shouldn't be using certs that change on a constant basis for SAML. The
idp-metadata.xml file isn't relevant anyway. You would need to deal with
any federation(s) to whom you supply metadata. You can't do that by
changing a local setting. That's yet another reason why it shouldn't be
done often.

-- Scott
