Another day, another attribute
Rod Widdowson
rdw at steadingsoftware.com
Fri Nov 23 11:13:59 EST 2012
I guess that I am surprised that, for a new installation, you are using
Apache since it means more work for you. But that has to be your call. I
will suggest strongly that you test SAML1 since you will need this (as well
as SAML2) in the UK federation for a few years yet.
> Shouldn't these credentials be synchronised? If so, how do I do that?
Possibly.
You may well want (and it could be your federation's recommendation) to use a
different certificate for the IdP & port 8443 from the one used for port
443. Not least of the reasons is to save you the effort of updating
everywhere when your browser certificate needs to be renewed.
I would very much recommend that you use the same key/certificates for the
8443 port and the IdP's other uses, and I would view it as essential that these
come from the same file. Configure this by editing the config files to make sure
that they point to the same place. For myself I would edit the httpd config
to collect from the IdP config space rather than the other way around.
Rod