SP Key Rollover with IdP encryptAssertions="conditional"
cantor.2 at osu.edu
Thu Sep 22 18:54:22 BST 2011
On 9/22/11 12:31 PM, "Tom Scavo" <trscavo at gmail.com> wrote:
>> If you had complete control
>> of everything I could see how you wouldn't need it 2 though.
>You only need complete control at the SP. If you needed to control the
>IdP as well, then key rollover would be impossible in all but the
You do need an IdP using metadata predictably and keeping it in sync. That
is often not the case if the IdP isn't Shibboleth or SSP, so in such
cases, it is in fact royally difficult/impossible.