SP entityID from multiple metadata sources

Paul Engle pengle at rice.edu
Thu May 7 15:43:58 EDT 2015

On 5/7/2015 2:22 PM, Cantor, Scott wrote:
> On 5/7/15, 3:07 PM, "Paul Engle" <pengle at rice.edu> wrote:
>> Oh no, I know it's not required. But we're going to have to dump the
>> SHA1 certs eventually. And it's a lot easier to get people understand
>> possible disruption because we're doing a major upgrade of the software
>> than to try to explain the vagaries of encryption technologies to them
>> later on.
> It's somewhat risky either way because it tends to create FUD around the change (look at this mess V3 has caused), but that aside, Shibboleth per se does not use SHA-1 in those certs, it's meaningless. Obviously other software does. But you can avoid a good amount of impact by reusing the same key and just changing the certificate.
> -- Scott

Now I feel silly for not thinking of that myself. That would simplify
things a great deal. Once again, you've been a great help. Thanks!


Paul D. Engle              |  Rice University
Sr. Systems Administrator  |  Information Technology - MS119
(713)348-4702              |  PO Box 1892
pengle at rice.edu            |  Houston, TX 77252-1892

More information about the users mailing list