SP Create IdP Metadata
Mark Neidig
mneidig at ftni.com
Mon Mar 9 16:47:13 EDT 2015
Thank you for your response.
It seems I mislead you. I installed the certificate into the windows server, not into Shibboleth. I originally provided that bit of information to give the certificate some sort of validity.
I have the IdP's x509.der file. But, where do I get the "base64-encoded certificate" for the metadata file's <ds:X509Certificate> element?
https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataForIdP
Is this the following the route I should pursue?
<ValidationInfo verifyDepth="5" xsi:type="PKIXFilesystem" xmlns="urn:mace:shibboleth:2.0:security">
<Certificate>/path/to/trusted/cert1</Certificate>
<Certificate>/path/to/trusted/cert2</Certificate>
<CRL>/path/to/trusted/crl</CRL>
</ValidationInfo>
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Monday, March 09, 2015 2:03 PM
To: Shib Users
Subject: Re: SP Create IdP Metadata
On 3/9/15, 1:14 PM, "Mark Neidig" <mneidig at ftni.com> wrote:
>He provided his X509 cert and I've successfully installed it.
You cannot have done that because there is no place to "install" it. If you did, you likely overwrote something or it's simply being ignored. The only place the key is consumed is from a metadata instance.
>
>I have an IdP metadata file for a different IdP that I can model.
>
>How do I "create" the IdP metadata file as Peter suggested?
Create the file and load it in accordance with the documentation. I don't think I'm understanding the question, or possibly you're overthinking something.
-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list