How to sign the IdP metadata?
WULMS Alex
Alex.WULMS at swift.com
Fri Nov 30 03:59:20 EST 2012
They are not pulling it. They receive it out of band. But yes, eventually the key used for the signature will have to be renewed.
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Peter Schober
Sent: Thursday, November 29, 2012 2:21 PM
To: users at shibboleth.net
Subject: Re: How to sign the IdP metadata?
* WULMS Alex <Alex.WULMS at swift.com> [2012-11-29 10:15]:
> They claim that the service provider implementation that they use
> mandates a signed metadata file and gives a security error when it is
> provided with an unsigned one. I assume it is some configuration issue
> on their side but don't want to go into a lengthy fight on which party
> (us or them) has to "fix" the issue. It will take me less time to
> simply provide them with a signed metadata file.
Depends. If they'll be regularly refreshing/pulling metadata from you, you'd then need to regularly expire and sign your metadata (in the common trust model). So it might not be a configure-time/one-time thing, but a permanent process on your side.
-peter