updating SP's signing cert in metadata
Cantor, Scott
cantor.2 at osu.edu
Thu Oct 12 14:34:24 EDT 2017
On 10/12/17, 2:30 PM, "users on behalf of IAM David Bantz" <users-bounces at shibboleth.net on behalf of dabantz at alaska.edu> wrote:
> I think I can ease the transition by adding the new cert initially without removing the old in their metadata, and the IdP is smart
> enough to rely on the right cert; then after the switch is verified, remove the old. Am I correct?
Depends on whether it's used for signing, encryption, or both and what Salesforce itself is doing. You can't have a key in the metadata the IdP might pick to encrypt with if the other end doesn't know to use it.
-- Scott
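Added example, not part of the original message or of Shibboleth's code: a Python check that lists which purposes each `KeyDescriptor` in an SP's metadata serves and flags a rollover state that offers the IdP more than one encryption-capable key. It assumes a single `EntityDescriptor`, treats a missing `use` attribute as covering both signing and encryption, and runs on constructed metadata with a hypothetical entityID and placeholder certificate bodies.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: SP metadata mid-rollover, old and new key both listed
# without a "use" attribute. Certificate bodies are placeholders.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.org/saml">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>OLD-CERT-PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>NEW-CERT-PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def key_uses(metadata_xml):
    """Return (cert, can_sign, can_encrypt) for each SP KeyDescriptor."""
    root = ET.fromstring(metadata_xml)
    keys = []
    for kd in root.iterfind(f".//{MD}SPSSODescriptor/{MD}KeyDescriptor"):
        use = kd.get("use")  # absent "use" means signing and encryption
        cert = kd.find(f".//{DS}X509Certificate")
        text = "".join(cert.text.split()) if cert is not None and cert.text else ""
        keys.append((text, use in (None, "signing"), use in (None, "encryption")))
    return keys


def rollover_warnings(metadata_xml):
    """Flag metadata that offers the IdP more than one encryption key."""
    enc = [cert for cert, _, can_encrypt in key_uses(metadata_xml) if can_encrypt]
    if len(enc) > 1:
        return [f"{len(enc)} encryption-capable keys: {', '.join(enc)}"]
    return []


if __name__ == "__main__":
    for line in rollover_warnings(SAMPLE_METADATA) or ["no encryption ambiguity"]:
        print(line)
```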