IDP key rollover
Cantor, Scott
cantor.2 at osu.edu
Tue Jul 7 19:51:27 UTC 2020
On 7/7/20, 3:42 PM, "users on behalf of Zico" <users-bounces at shibboleth.net on behalf of mailzico at gmail.com> wrote:
> Quick question: isn't IDP key rollover supported in v3 or v4 now?
Key rotation is not, modulo basic features any IdP has to support to be a non-toy, just a matter of software behavior. It's a meticulous process involving a whole range of technical and non-technical steps, and is generally painful at any scale.
You never do it unless you have a specific reason, and you do it in such a way as to eliminate whatever issue caused it to happen so it doesn't recur.
I have discussed mine at length on list. It took 9 months from start to finish.
-- Scott