Question about relying-party-system.xml

Cantor, Scott cantor.2 at
Wed Jun 30 18:56:48 UTC 2021

On 6/30/21, 2:48 PM, "users on behalf of Ullfig, Roberto Alfredo" <users-bounces at on behalf of rullfig at> wrote:

> Yes, understand all that. Service owners have long been notified - some applications have been tested with
> the new certificate, etc. We've even encountered an SP that broke when we added the second certificate to
> federated metadata.

I have also. I'll name them: Cornerstone. 

> I think we've prepared as much as we could. Major applications should be fine - there might be a few that
> break though.

I have over 200 systems that are essentially either manually dealt with by me or manually by the vendor, so there's really no amount of preparing that would have done any good; I had to limit the change to the rest and deal with the others one by one over 9 months of time.

The only difference if I hadn't been changing the actual key is that if I had chosen to pull the plug all at once, there's a chance some number of the 200 would have worked, but I wouldn't even hazard a guess as to how many. I doubt it would have been more than half at best.

-- Scott
