IdP metadata certificate

Cantor, Scott cantor.2 at
Wed Jul 22 15:45:09 UTC 2020

On 7/22/20, 11:28 AM, "users on behalf of Donald Lohr" <users-bounces at on behalf of lohrda at> wrote:

> This is likely a dumb question. The certificate in the IdP metadata for
> signing and encryption, do folks use a signed certification (by a CA) or
> a self-signed certificate?

Unless you plan to either never federate with IOP-compliant SPs [1] or set yourself up for hours (in my case months) of work every year, you literally *cannot* use a commercial certificate, because by definition it expires.

-- Scott

