How to sign the IdP metadata?
Peter Schober
peter.schober at univie.ac.at
Wed Nov 28 10:17:50 EST 2012
* Ian Young <ian at iay.org.uk> [2012-11-28 16:11]:
> On 28 Nov 2012, at 15:07, WULMS Alex <Alex.WULMS at swift.com> wrote:
> > Do you know of some existing tool or script that I can use to sign
> > it with our private key?
>
> You could try this:
>
> https://wiki.shibboleth.net/confluence/display/SHIB2/XmlSecTool
Or samlsign from
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPCommandLine
> Having said which, I'm not clear why the SP in question thinks they
> want metadata you're giving them out of band signed. Or are they
> proposing to pick it up dynamically?
Either that or maybe they're even thinking PKIX path verification on
the signing cert. Never hurts to ask why (even though I doubt they'd
answer "security theatre" even if that'd be the case :)
-peter
More information about the users
mailing list