updating SP's signing cert in metadata

Cantor, Scott cantor.2 at osu.edu
Thu Oct 12 14:34:24 EDT 2017

On 10/12/17, 2:30 PM, "users on behalf of IAM David Bantz" <users-bounces at shibboleth.net on behalf of dabantz at alaska.edu> wrote:

> I think I can ease the transition by adding the new cert initially without removing the old in their metadata, and the IdP is smart
> enough to rely on the right cert; then after the switch is verified, remove the old. Am I correct?

Depends on whether it's used for signing, encryption, or both and what Salesforce itself is doing. You can't have a key in the metadata the IdP might pick to encrypt with if the other end doesn't know to use it.

-- Scott

More information about the users mailing list