Support for X509SubjectName Name ID

Cantor, Scott cantor.2 at osu.edu
Thu May 14 13:59:44 UTC 2020


On 5/14/20, 9:49 AM, "users on behalf of Ullfig, Roberto Alfredo" <users-bounces at shibboleth.net on behalf of rullfig at uic.edu> wrote:

> If you take on their metadata though then you're responsible for it. Certificate expirations, security issues, contact
> information, etc ....

None of which is generally accurate, or trustworthy. Vendors rarely roll a key properly; they'll change it locally before it ever shows up in a metadata file, or at the same time, which is going to break anyway. Half the time they put the wrong key in the metadata they send out to people when they inform people of key changes; I've had that happen twice within the last couple of months.

I've never regretted my decision to impose that rule, and it's saved me far more trouble than it's created extra work.

In any event, adding it to the metadata doesn't require owning it; you can use a NameIDFormat filter.

-- Scott
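As an added illustration of the filter Scott refers to (not part of the original message), this is a Shibboleth IdP metadata-providers.xml fragment that wraps a vendor's SP metadata file and advertises the X509SubjectName format for that one entity without editing the vendor's file. The entity ID, provider id and file path are placeholders.

```xml
<!-- Added example, not from the original thread. Placeholders: the provider id,
     the metadata file path and the SP entity ID. -->
<MetadataProvider id="VendorSP" xsi:type="FilesystemMetadataProvider"
                  metadataFile="%{idp.home}/metadata/vendor-sp-metadata.xml">

    <!-- Inject the X509SubjectName NameID format into this one SP's entity
         descriptor. removeExistingFormats="false" keeps any formats the SP
         already lists, so nothing the vendor declared is silently dropped. -->
    <MetadataFilter xsi:type="NameIDFormat" removeExistingFormats="false">
        <Format>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</Format>
        <Entity>https://sp.example.org/shibboleth</Entity>
    </MetadataFilter>

</MetadataProvider>
```

The filter only changes what the metadata advertises; the IdP still needs a generator for that format configured in saml-nameid.xml before it will actually issue such a NameID.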
