Shibboleth Migration
Cantor, Scott
cantor.2 at osu.edu
Mon Jul 22 15:51:08 EDT 2013
On 7/22/13 3:40 PM, "Ryan Knell" <rknell at aheliotech.com> wrote:
>
>I am sorry, but I do not quite follow what you are saying about taking
>the time to migrate.
Creating a modern configuration based on the defaults and settings found
in supported releases, meaning transferring specific settings as needed.
> So, if moving everything in etc/shibboleth gets it back up and running,
>then great, but I would much rather do this the right way. Since the new
>server is at a different public IP address, we would not be pointing the
>DNS name to the new server till the weekend so I have several days to
>work on this.
>
>What would be the best approach to this?
The above.
There may also be things like error templates to copy over, but I doubt
they've been touched.
Otherwise, as I said, do *not* play games. Either do the above or just
copy it all.
But if you don't do anything else, you should replace the SecurityPolicies
element in the file with the SecurityPolicyProvider element that's in the
newer file. You don't have to touch the policy file itself, it will be
part of any new install. That will get some algorithms blacklisted that
should be.
I could easily be forgetting something, that's why it's not the best
approach.
-- Scott
More information about the users
mailing list