Google Apps with IdP v3 not working

Cantor, Scott cantor.2 at
Fri Aug 28 14:13:00 EDT 2015

On 8/28/15, 1:58 PM, "users on behalf of Tom Poage" <users-bounces at on behalf of tfpoage at> wrote:
>In V2 we set these apart in a named <EntitiesDescriptor> metadata group,
>with a corresponding <RelyingParty> entry with encryptAssertions="never"
>for the SAML2SSOProfile.

I've been too lazy to, but intended to.

>Given the direction metadata aggregates seem to be headed (cf.
>per-entity), is the metadata group supported in V3? Recommended?

Groups are fine when you control the metadata. I doubt you're planning to stand up a metadata service so you can query for metadata you had to stick in a file to start with.

>Alternatively, IIRC relying-party.xml in V2 is by default not
>auto-reloaded, so any change in V2 to add a new profile configuration by
>named relying party requires container restart. Does V3 auto-reload
>relying-party.xml by default now, where adding an entity to the 'longish
>list' above gets picked up without a restart?

Don't recall, but whether it reloads by default shouldn't really impact whether you do that. If you mean can it be, yes, the RP config service is certainly reloadable.

V2 used to have a nasty bug that locked it up when that file reloaded. Bad enough that I still don't reload mine after all this time.

-- Scott

More information about the users mailing list