cantor.2 at osu.edu
Thu Aug 6 17:09:01 UTC 2020
The IdP does not use its own metadata, not ever, in any way. Behavior is in the configuration (or driven by SP metadata).
As far as the entityID is concerned,
I wouldn't. I have 120+ cloud integrations. Not a single one uses a different key or entityID, excepting while I was changing my key on an interim basis. Who is telling you to do this?
Relying party overrides contain a responderId property that controls the entityID used. The one in credentials.xml is for a more obscure purpose, but if you're defining your own separate credential in that file anyway, it doesn't hurt anything to also override the entityID there. The p:entityId-ref="entityID" syntax refers to populating it from a bean that takes its value from the idp.properties setting. The same thing is done internally on the RelyingParty parent bean underlying all of the overrides.
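An added example, not part of the original post and not Shibboleth project code: a small audit that lists which relying party overrides set a responderId different from the IdP's default entityID, so deviations like the one discussed above are easy to spot in review. The function name, the sample XML layout and all example.org values are constructed assumptions; only the responderId property name comes from the message.

```python
import xml.etree.ElementTree as ET

# Spring namespaces used for p: and c: attribute shortcuts and <bean> elements.
P = "{http://www.springframework.org/schema/p}"
C = "{http://www.springframework.org/schema/c}"
BEANS = "{http://www.springframework.org/schema/beans}"

# Constructed sample, shaped like a relying-party.xml override list (assumed layout).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:list id="shibboleth.RelyingPartyOverrides">
    <bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp1.example.org/sp"/>
    <bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp2.example.org/sp"
          p:responderId="https://alt.example.org/idp"/>
    <bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp3.example.org/sp">
      <property name="responderId" value="%{idp.entityID}"/>
    </bean>
  </util:list>
</beans>"""


def responder_overrides(xml_text, default_entity_id):
    """Return (relyingPartyIds, responderId) for overrides that change the entityID."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS + "bean"):
        # responderId may be set as a p: attribute or as a nested <property>.
        rid = bean.get(P + "responderId")
        if rid is None:
            for prop in bean.findall(BEANS + "property"):
                if prop.get("name") == "responderId":
                    rid = prop.get("value")
        if rid is None:
            continue  # override inherits the default entityID
        # Treat a reference to the idp.properties setting as the default value.
        resolved = rid.replace("%{idp.entityID}", default_entity_id)
        if resolved != default_entity_id:
            findings.append((bean.get(C + "relyingPartyIds", "?"), resolved))
    return findings


if __name__ == "__main__":
    default = "https://idp.example.org/idp/shibboleth"  # constructed idp.entityID
    for sp, rid in responder_overrides(SAMPLE, default):
        print(f"{sp}: responds as {rid}")
```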