SP Key Rollover with IdP encryptAssertions="conditional"
Cantor, Scott
cantor.2 at osu.edu
Thu Sep 22 18:54:22 BST 2011
On 9/22/11 12:31 PM, "Tom Scavo" <trscavo at gmail.com> wrote:
>> If you had complete control
>> of everything I could see how you wouldn't need it 2 though.
>
>You only need complete control at the SP. If you needed to control the
>IdP as well, then key rollover would be impossible in all but the
>simplest deployments.
You do need an IdP using metadata predictably and keeping it in sync. That
is often not the case if the IdP isn't Shibboleth or SSP, so in such
cases, it is in fact royally difficult/impossible.
-- Scott