updating SP's cert in metadata

Cantor, Scott cantor.2 at osu.edu
Fri Sep 28 12:47:24 EDT 2018

On 9/28/18, 12:37 PM, "users on behalf of IAM David Bantz" <users-bounces at shibboleth.net on behalf of dabantz at alaska.edu> wrote:

> I added the new cert to my copy of the SP metadata, anticipating a transition period where either cert could be used, 
> but that triggers this error in processing an incoming request: 

That isn't going to help with an encryption key change, that can't be done solely with a metadata tweak and can easily just break the SSO. That's not your problem here, I'm just pointing it out.

> Is the strategy flawed or did I do something else dumb?

Not dumb, but if that's an encryption key then you made a mistake *and* the strategy is flawed.

-- Scott

More information about the users mailing list