Adding Another IDP Signing Certificate in Shib 3.x SP

Bhagwat, Shrikant shrbhagw at
Mon Feb 10 08:12:25 EST 2020

Other party is IDP, they have modified their metadata to include it & we manage Shibboleth 3.x SP based on IIS. 

They told us keep old IDP Signing Cert & Add new one as well.

-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Monday, February 10, 2020 7:48 AM
To: Shib Users <users at>
Subject: RE: Adding Another IDP Signing Certificate in Shib 3.x SP 

External Email - Use Caution

> I have SAML 2.0 IDP , their existing signing certificate is expiring. 
> They have added new signing certificate. How can modify 
> Shibboleth2.xml file to recognize two IDP Signing cert at same time.

You don't, they modify their metadata to include it.

-- Scott

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues 

More information about the users mailing list