Question about relying-party-system.xml
Cantor, Scott
cantor.2 at osu.edu
Wed Jun 30 18:56:48 UTC 2021
On 6/30/21, 2:48 PM, "users on behalf of Ullfig, Roberto Alfredo" <users-bounces at shibboleth.net on behalf of rullfig at uic.edu> wrote:
> Yes, understand all that. Service owners have long been notified - some applications have been tested with
> the new certificate, etc. We've even encountered an SP that broke when we added the second certificate to
> federated metadata.
I have also. I'll name them: Cornerstone.
> I think we've prepared as much as we could. Major applications should be fine - there might be a few that
> break though.
I have over 200 systems that are essentially either manually dealt with by me or manually by the vendor, so there's really no amount of preparing that would have done any good, I had to limit the change to the rest and deal with the others one by one over 9 months of time.
The only difference if I hadn't been changing the actual key is that if I had chosen to pull the plug all at once, there's a chance some number of the 200 would have worked, but I wouldn't even hazard a guess as to how many. I doubt it would have been more than half at best.
-- Scott
More information about the users
mailing list