Upgrading SP from SAML1 to SAML2

Cantor, Scott cantor.2 at osu.edu
Fri Mar 13 15:31:00 EDT 2015


On 3/13/15, 2:53 PM, "John Kamminga" <jkamminga at ucmerced.edu> wrote:

>Hello, I’ve just taken over a Shibboleth IdP implementation and I went to one training seminar. Woohoo!
> 
>I have a Service Provider that is wanting to upgrade from SAML1 to SAML2. My first thought was I don’t need to do anything because our IdP already accepts both.

That depends on how you're getting metadata for that SP. It could be almost all your work to fix or almost none, but basically the metadata has to be fixed because it's probably missing any support for SAML 2 in it.

> 
>According to my relying-party configuration I’m accepting both SAML1 and SAML2 but require SAML2 to be signed.

No, you're not requiring that.

-- Scott



More information about the users mailing list