quick expiry of SP Meta data
Peter Schober
peter.schober at univie.ac.at
Mon May 6 07:41:48 EDT 2019
* Lalith Jayaweera <ljayaweera at gmail.com> [2019-05-06 03:31]:
> I will discourage this, however if we can come up with some meta data
> signing process with the SP,
>
> Then I believe that is the way to go? correct?
They would also need to re-sign that metadata regularly, each time
pushing the validUntil expiration date into the (near, say, between a
couple of days and a few weeks) future.
This is explained in the documentation I already pointed you to:
https://wiki.shibboleth.net/confluence/display/CONCEPT/TrustManagement#TrustManagement-Securingthe%22Inline%22Model
-peter
More information about the users
mailing list