How to sign the IdP metadata?

Peter Schober peter.schober at
Thu Nov 29 08:21:04 EST 2012

* WULMS Alex <Alex.WULMS at> [2012-11-29 10:15]:
> They claim that the service provider implementation that they use
> mandates a signed metadata file and gives a security error when it
> is provided with an unsigned one. I assume it is some configuration
> issue on their side but don't want to go into a lengthy fight on
> which party (us or them) has to "fix" the issue. It will take me
> less time to simply provide them with a signed metadata file.

Depends. If they'll be regularly refreshing/pulling metadata from you,
you'd then need to regularly expire and sign your metadata (in the
common trust model). So it might not be a configure-time/one-time
thing, but a permanent process on your side.
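
The recurring expire-and-sign cycle described in the reply above, sketched as an added example that is not part of the original thread or of any IdP software. The function names, the sample metadata and its entityID are constructed for illustration, and the XML signature itself is assumed to be applied afterwards by a separate signing tool.

```python
# Added example: constructed metadata and hypothetical helper names.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD_NS)
ET.register_namespace("ds", DS_NS)
FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample: minimal IdP metadata, not from a real deployment.
SAMPLE = (
    '<md:EntityDescriptor xmlns:md="%s" '
    'entityID="https://idp.example.org/idp" '
    'validUntil="2012-12-06T00:00:00Z">'
    '<md:IDPSSODescriptor protocolSupportEnumeration='
    '"urn:oasis:names:tc:SAML:2.0:protocol"/>'
    '</md:EntityDescriptor>' % MD_NS
)


def needs_refresh(xml_text, now, margin):
    """True if validUntil is missing or falls within `margin` of `now`."""
    root = ET.fromstring(xml_text)
    valid_until = root.get("validUntil")
    if valid_until is None:
        return True
    expiry = datetime.strptime(valid_until, FMT).replace(tzinfo=timezone.utc)
    return expiry - now <= margin


def restamp(xml_text, now, validity):
    """Return metadata with a new validUntil and any old signature removed.

    Changing validUntil alters the signed content, so a previous enveloped
    ds:Signature no longer verifies; it is dropped here and the output must
    be signed again before it is published.
    """
    root = ET.fromstring(xml_text)
    for sig in root.findall("{%s}Signature" % DS_NS):
        root.remove(sig)
    root.set("validUntil", (now + validity).strftime(FMT))
    return ET.tostring(root, encoding="unicode")
```

Run from a scheduled job, `needs_refresh` decides when to call `restamp`, and the signing step follows every restamp, which is why a relying party that keeps pulling metadata turns signing into an ongoing task.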
