How to sign the IdP metadata?

WULMS Alex Alex.WULMS at
Fri Nov 30 03:59:20 EST 2012

They are not pulling it. They receive it out of band. But yes, eventually the key used for the signature will have to be renewed.

-----Original Message-----
From: users-bounces at [mailto:users-bounces at] On Behalf Of Peter Schober
Sent: Thursday, November 29, 2012 2:21 PM
To: users at
Subject: Re: How to sign the IdP metadata?

* WULMS Alex <Alex.WULMS at> [2012-11-29 10:15]:
> They claim that the service provider implementation that they use 
> mandates a signed metadata file and gives a security error when it is 
> provided with an unsigned one. I assume it is some configuration issue 
> on their side but don't want to go into a lengthy fight on which party 
> (us or them) has to "fix" the issue. It will take me less time to 
> simply provide them with a signed metadata file.

Depends. If they'll be regularly refreshing/pulling metadata from you, you'd then need to regularly expire and sign your metadata (in the common trust model). So it might not be a configure-time/one-time thing, but a permanent process on your side.