IdP Metadata

Cantor, Scott cantor.2 at
Wed Apr 17 09:32:54 EDT 2019

On 4/17/19, 1:05 AM, "users on behalf of Richard Levenberg" <users-bounces at on behalf of richardl at> wrote:

> What is the suggested mechanism by which IdP metadata is signed and does dynamically reflect the IdP's configuration?

Metadata cannot, by definition, do its job if it dynamically reflects a system's actual configuration. Use cases require that it *not* reflect the actual configuration in a variety of scenarios. Automating it is, essentially, an anti-pattern.
-- Scott

More information about the users mailing list