SP Key Rollover with IdP encryptAssertions="conditional"
cantor.2 at osu.edu
Thu Sep 22 19:22:45 BST 2011
On 9/22/11 2:15 PM, "Peter Schober" <peter.schober at univie.ac.at> wrote:
>Would the above (by Christopher) still work without specifying a use
>if the SP never signs requests and the IdP pushes attributes to the
>SP (i.e., no SOAP queries to verify)?
Meaning the SP's keys are only for decryption. Yes, I think so.
I tried (and Tom tried) to document for very general cases, and since it's
not all that many more steps, I haven't tried to make it any simpler for
people with a lot of "if" and "assuming".