How to sign the IdP metadata?

Peter Schober peter.schober at
Wed Nov 28 10:17:50 EST 2012

* Ian Young <ian at> [2012-11-28 16:11]:
> On 28 Nov 2012, at 15:07, WULMS Alex <Alex.WULMS at> wrote:
> > Do you know of some existing tool or script that I can use to sign
> > it with our private key?
> You could try this:

Or samlsign from

> Having said which, I'm not clear why the SP in question thinks they
> want metadata you're giving them out of band signed.  Or are they
> proposing to pick it up dynamically?

Either that or maybe they're even thinking PKIX path verification on
the signing cert. Never hurts to ask why (even though I doubt they'd
answer "security theatre" even if that'd be the case :)

More information about the users mailing list