IdP metadata certificate
Cantor, Scott
cantor.2 at osu.edu
Wed Jul 22 15:45:09 UTC 2020
On 7/22/20, 11:28 AM, "users on behalf of Donald Lohr" <users-bounces at shibboleth.net on behalf of lohrda at jmu.edu> wrote:
> This is likely a dumb question. The certificate in the IdP metadata for
> signing and encryption, do folks use a signed certification (by a CA) or
> a self-signed certificate?
Unless you plan to either never federate with IOP-compliant SPs [1] or set yourself up for hours (in my case months) of work every year, you literally *cannot* use a commercial certificate, because by definition it expires.
-- Scott
[1] https://wiki.oasis-open.org/security/SAML2MetadataIOP