IDP 3.4.3 Expiring Signing Certificate Rollover

Cantor, Scott cantor.2 at osu.edu
Tue Feb 4 18:38:35 EST 2020


> I have verified that old and new signing certs work but only one at a time
> depending on which bean is not commented out or which bean is first within
> util:list in credentials.xml

What exactly are you expecting to happen? Any given security and signing configuration is going to use exactly one key, and other than exceptional cases involving different key types, there's no concept of picking a key based on anything other than a local decision over which key to use.
 
> Haven't found other documentation.

Controlling credentials is documented in [1].

-- Scott

[1] https://wiki.shibboleth.net/confluence/display/IDP30/SecurityConfiguration

