IDP 3.4.3 Expiring Signing Certtificate Rollover

Cantor, Scott cantor.2 at
Tue Feb 4 18:38:35 EST 2020

> I have verified that old and new signing cert works but only one at a time
> depending on which bean is not commented out or which bean is first within
> util:list in credentials.xml

What exactly are you expecting to happen? Any given security and signing configuration is going to use exactly one key, and other than exceptional cases involving different key types, there's no concept of picking a key based on anything other than a local decision over which key to use.
> Haven't found other documentation.

Controlling credentials is documented in [1]

-- Scott


More information about the users mailing list