* Tompkins,Charles R <crt at ufl.edu> [2014-02-28 01:35]: > Make sure you get the IdP and SP metadata exchanged out-of-band and > know when the IdP metadata changes. Entities shouldn't be pulling (probably unsigned) metadata from the other end anyway, firewall or not. -peter