SP certificate expiration

Tue Apr 26 18:24:16 EDT 2016

Andrew,

> Some Googling around indicates that the IDP doesn't care if the certificate expires.  Can anyone confirm that?

Shibboleth with defaults, pretty certain yes.  I think it would care if you used PKIX.  Other implementations are all over.

> Can I enable assertion encryption using this self-signed certificate that will expire in 1 year?

I wouldn’t bank on it because of the variation in implementations, but probably.

> What have other people done for Salesforce?

It’s not in use here.

Hope this helps,
Nate.