reflecting the CredentialResolver in generated metadata

Cantor, Scott cantor.2 at
Tue Apr 22 11:21:28 EDT 2014

On 4/22/14, 11:17 AM, "Tom Scavo" <trscavo at> wrote:

>Just a reality check...
>Does the Shibboleth SP Metadata Generation Handler accurately reflect
>the configured CredentialResolver?

Yes, that's one of the main reasons consuming that metadata is generally
wrong, since it makes key rollover impossible (meaning the metadata
becomes inextricably tied to the actual state of the credentials at

-- Scott

More information about the users mailing list