documentation regarding ApplicationOverrides and metadata generator
cross at hccs.com
Tue Aug 21 09:18:27 EDT 2012
On 8/20/12 6:49 PM, "csross" <[hidden email]> wrote:
>I have multiple v2.4.3 SPs and each defined in an ApplicationOverride
>vhost and I am able to bring up metadata for each SP. The
>indicates this below but it doesn't say what will be wrong or missing.
Lots of advanced features, policy flags, keys during credential
(you CANNOT safely migrate keys using only generated metadata), contact
information, new extensions. Many, many things. None of that has
to do with overrides particularly.
The point about overrides is that by definition a request to a handler
talking to one application, period, and so by definition you can't be
incorporating input coming from the others, whatever that input is.
is no way to answer the specific question unless the purpose of the
overrides is made clear.
>One of the SPs was originally the only one (v2.2) so it was defined as
>ApplicationDefault and the metadata looks very similar. After
>and switching to ApplicationOverrides, I generated the metadata in the
>way (https://site.site.com/Shibboleth.sso/Metadata) and sent it to the
>admin. The IDP is shibboleth and the admin said it looked fine. The
>is working too.
That's usually a sign the override isn't/wasn't needed.
>NOTE: In the metadata when 1 SP as ApplicationDefault was used, the
>certificate is different, there is an extra certificate
>use="signing" and there are these lines
That's not because of the overrides, that's a question of configuration
differences and version differences. You do not need and should not
advertise NameID management endpoints. If you don't know what they do,
don't have them. That goes for essentially everything in the metadata.
As a starting point, you should be able to understand the differences.
you can't do that, I would strongly urge that you read the
There's no other advice I can give but to do that. There's no book to
read, or I would give you a link to it.
To unsubscribe from this list send an email to [hidden email]
If you reply to this email, your message will be added to the discussion
To unsubscribe from documentation regarding ApplicationOverrides and
metadata generator, click here
View this message in context: http://shibboleth.1660669.n2.nabble.com/documentation-regarding-ApplicationOverrides-and-metadata-generator-tp7581403p7581406.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users