Using Two Credential's in relying-party.xml

Cantor, Scott cantor.2 at
Wed Jan 25 17:27:51 GMT 2012

> If understand correctly, from and IDP metadata standpoint it does not make
> sense to define a signing & encryption KeyDescriptor's. Only 1 KeyDescriptor
> <KeyDescriptor use="signing">

That's the most accurate metadata, yes. It will at least tell the SP that it can't encrypt and fail on that end in such a case.

-- Scott

More information about the users mailing list