updating SP's signing cert in metadata

Cantor, Scott cantor.2 at osu.edu
Fri Oct 13 11:39:47 EDT 2017

On 10/13/17, 11:26 AM, "users on behalf of John Dennis" <users-bounces at shibboleth.net on behalf of jdennis at redhat.com> wrote:

> That's not my understanding. Keys used in metadata are independent of  the transport layer.

That's incorrect. "signing" in metadata just means "authentication" and applies to TLS or signing.

Nevertheless, vendors by and large don't use artifacts so you really don't need to worry about it much, and if you don't even support a back channel then you definitely don't have to worry about it.

-- Scott

More information about the users mailing list