Another day, another attribute

Rod Widdowson rdw at
Fri Nov 23 11:13:59 EST 2012

I guess that I am surprised that, for a new installation, you are using
Apache since it means more work for you.  But that has to be your call.  I
will suggest strongly that you test SAML1 since you will need this (as well
as SAML2) in the UK federation for a few years yet.

> Shouldn't these credentials be synchronised? If so, how do I do that?


You may well want (and it could be your federation's recommendation) to use a
different certificate for the IdP & port 8443 from the one used for port
443.  Not least of the reasons is to save you the effort of updating
everywhere when your browser certificate needs renewing.

I would very much recommend that you use the same key/certificates for the
8443 port and the IdP's other uses and I would view it as essential these come
from the same file.  Configure this by editing the config files to make sure
that they point to the same place.  For myself I would edit the httpd config
to collect from the IdP config space rather than the other way around.
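
Added example, not part of the original message: a check that the httpd
VirtualHost on port 8443 and the IdP credential configuration name the same
key and certificate files. The sample configs, all paths, the XML namespace
and the assumption that the IdP config holds the paths in PrivateKey and
Certificate elements are constructed for illustration.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample configs; every path and the XML namespace are placeholders.
HTTPD_CONF = """
<VirtualHost _default_:443>
    SSLCertificateFile    /etc/pki/tls/certs/browser-facing.crt
    SSLCertificateKeyFile /etc/pki/tls/private/browser-facing.key
</VirtualHost>
<VirtualHost _default_:8443>
    SSLCertificateFile    /opt/shibboleth-idp/credentials/idp.crt
    SSLCertificateKeyFile /opt/shibboleth-idp/conf/../credentials/idp.key
</VirtualHost>
"""
IDP_CONF = """
<Credentials xmlns:security="urn:example:security">
  <security:Credential id="IdPCredential">
    <security:PrivateKey>/opt/shibboleth-idp/credentials/idp.key</security:PrivateKey>
    <security:Certificate>/opt/shibboleth-idp/credentials/idp.crt</security:Certificate>
  </security:Credential>
</Credentials>
"""

def httpd_vhost_paths(conf, port):
    """Certificate and key paths from the VirtualHost block bound to `port`."""
    block = re.search(r"<VirtualHost\s+[^>]*:%d\s*>(.*?)</VirtualHost>" % port, conf, re.S | re.I)
    if block is None:
        raise ValueError("no VirtualHost for port %d" % port)
    paths = {}
    for kind, directive in (("cert", "SSLCertificateFile"), ("key", "SSLCertificateKeyFile")):
        hit = re.search(r"^\s*%s\s+(\S+)" % directive, block.group(1), re.M | re.I)
        paths[kind] = hit.group(1) if hit else None
    return paths

def idp_credential_paths(conf):
    """Certificate and key paths from the IdP credential XML, ignoring namespaces."""
    wanted = {"Certificate": "cert", "PrivateKey": "key"}
    paths = {"cert": None, "key": None}
    for element in ET.fromstring(conf.strip()).iter():
        local_name = element.tag.rsplit("}", 1)[-1]
        if local_name in wanted and element.text:
            paths[wanted[local_name]] = element.text.strip()
    return paths

def mismatches(httpd, idp):
    """Names ('cert', 'key') whose paths are missing or differ between the two configs."""
    # normpath keeps the example offline; on a live host use os.path.realpath
    # so that symlinks to the same file also compare equal.
    same = lambda a, b: a and b and os.path.normpath(a) == os.path.normpath(b)
    return [kind for kind in ("cert", "key") if not same(httpd[kind], idp[kind])]
```

An empty list for port 8443 means both configs point to the same place; the
port 443 block is expected to differ when a separate browser-facing
certificate is used.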


