Google Apps with IdP v3 not working
cantor.2 at osu.edu
Fri Aug 28 14:13:00 EDT 2015
On 8/28/15, 1:58 PM, "users on behalf of Tom Poage" <users-bounces at shibboleth.net on behalf of tfpoage at ucdavis.edu> wrote:
>In V2 we set these apart in a named <EntitiesDescriptor> metadata group,
>with a corresponding <RelyingParty> entry with encryptAssertions="never"
>for the SAML2SSOProfile.
I've been too lazy to, but intended to.
>Given the direction metadata aggregates seem to be headed (cf.
>per-entity), is the metadata group supported in V3? Recommended?
Groups are fine when you control the metadata. I doubt you're planning to stand up a metadata service so you can query for metadata you had to stick in a file to start with.
>Alternatively, IIRC relying-party.xml in V2 is by default not
>auto-reloaded, so any change in V2 to add a new profile configuration by
>named relying party requires container restart. Does V3 auto-reload
>relying-party.xml by default now, where adding an entity to the 'longish
>list' above gets picked up without a restart?
Don't recall, but whether it reloads by default shouldn't really impact whether you do that. If you mean can it be, yes, the RP config service is certainly reloadable.
V2 used to have a nasty bug that locked it up when that file reloaded. Bad enough that I still don't reload mine after all this time.
More information about the users