IdP Metadata
Ian Young
ian at iay.org.uk
Wed Apr 17 09:16:01 EDT 2019
> On 17 Apr 2019, at 06:05, Richard Levenberg <richardl at ufp.com> wrote:
>
> What is the suggested mechanism by which IdP metadata is signed
Signing metadata is most often seen in the context of a third-party trust broker such as a federation like the UK federation or InCommon. There's not much reason to sign metadata yourself outside that kind of context: for example, if you're supplying metadata to a bilateral partner then you can just send them a file.
> dynamically reflect the IdP's configuration?
In the case where you're working with a federation to publish your metadata to other federation members, that varies a lot and depends on the specific federation's registration processes and tools. It might be a question of exchanging mail with the federation operator, or it might involve some sort of web application you log into.
If you are not working with a federation, you probably just edit the file to include the changes you want. The IdP has no automation for this.
Hope this helps,
-- Ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190417/bbbf7b2a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3870 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20190417/bbbf7b2a/attachment.p7s>
More information about the users
mailing list