Cert rollover gone bad

Tom Scavo trscavo at gmail.com
Sat Jun 4 13:22:14 EDT 2016


On Sat, Jun 4, 2016 at 1:18 PM, Izz Noland <izz.noland at wepanow.com> wrote:
>
> ... I began thinking
> that it's possible their IdP was using one cert, and with OpenAM only
> allowing you to specify a single pair, something in the assertion is wrong
> coming across (mixed usage of both certs?)...

That's the problem. It's not possible to seamlessly migrate an
encryption cert without support for multiple decryption keys in
software.

Tom


More information about the users mailing list