IdP Signing Certificate question

Cantor, Scott cantor.2 at
Thu Jan 21 20:15:47 UTC 2021

On 1/21/21, 3:04 PM, "users on behalf of Andrew Jason Morgan" <users-bounces at on behalf of morgan at> wrote:

>    I suppose the small fix for this particular SP is to configure the IDP to use a different signing key/cert for this one SP.

The problem is that you don't (generally) know which ones are which until you know, and once you know, you can manage the change without needing to give it a different key (on a long term basis, you just control when you roll to the new one).

-- Scott

More information about the users mailing list