SSL Certificate update
Peter Schober
peter.schober at univie.ac.at
Thu Sep 13 13:56:43 EDT 2018
* Srinu Anumaneni <srinu.ydlp at gmail.com> [2018-09-13 19:30]:
> xyz.com's ssl certification is expired, do we need to change
> metadata added in pqr.com.
If that's a question the answer is "no", at least as long as the
involved systems adhere to OASIS SAML MetaIOP[1], as the Shibboleth
IDP and SP do.
> If I change metadata file I am getting exceptions.
Signature validation should fail on the SP side if the cert in
metadata at the SP (about the IDP) doesn't match the key the IDP signs
with. Is that what you're getting? Or other exceptions (be specific
and provide the literal error messages)?
-peter
[1] SAML V2.0 Metadata Interoperability Profile
https://wiki.oasis-open.org/security/SAML2MetadataIOP
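
The check behind this answer, as an added example that is not part of the original thread: under MetaIOP the certificate in metadata only carries the key, so the script compares the public key in the SP's metadata with the key in the IdP's signing certificate and ignores validity dates. The host name idp.example.org, the file names and the helper functions are assumptions, the sample metadata and certificates are constructed, and the `openssl` command-line tool must be installed.

```bash
#!/usr/bin/env bash
set -euo pipefail

# SHA-256 of the DER SubjectPublicKeyInfo in a PEM certificate (validity dates play no part).
spki_fp() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Re-wrap the single ds:X509Certificate of a metadata file ($1) as a PEM file ($2).
metadata_cert() {
  local b64
  b64=$(tr -d ' \t\r\n' < "$1" |
    sed -e 's/.*<ds:X509Certificate>//' -e 's/<\/ds:X509Certificate>.*//' | fold -w 64)
  printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' "$b64" '-----END CERTIFICATE-----' > "$2"
}

# same_key <metadata.xml> <signing-cert.pem>: true when both carry the same public key.
same_key() {
  local tmp a b
  tmp=$(mktemp); metadata_cert "$1" "$tmp"
  a=$(spki_fp "$tmp"); b=$(spki_fp "$2"); rm -f "$tmp"
  [ "$a" = "$b" ]
}

# Constructed sample data for a hypothetical IdP, idp.example.org; files are written to $1.
make_demo() {
  local d=$1 subj=/CN=idp.example.org
  # Key and certificate as first published in the SP's metadata (short validity).
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/idp.key" -out "$d/old.pem" -days 1 -subj "$subj" 2>/dev/null
  # Certificate re-issued over the same key with a new validity period.
  openssl req -x509 -new -key "$d/idp.key" -out "$d/renewed.pem" -days 3650 -subj "$subj" 2>/dev/null
  # Certificate over a freshly generated key, i.e. a real key rollover.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/new.key" -out "$d/rolled.pem" -days 3650 -subj "$subj" 2>/dev/null
  { echo '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp">'
    echo '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    grep -v '^-----' "$d/old.pem"
    echo '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>'
  } > "$d/metadata.xml"
}

dir=$(mktemp -d)
make_demo "$dir"
for c in old renewed rolled; do
  same_key "$dir/metadata.xml" "$dir/$c.pem" && r="same key as in metadata, no metadata change needed" || r="different key, SP metadata must be updated"
  echo "$c.pem: $r"
done
```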