Using shibboleth to create SP metadata file on development server machine
Peter Schober
peter.schober at univie.ac.at
Wed Aug 3 21:56:27 UTC 2022
* Peter Schober via users <users at shibboleth.net> [2022-08-03 23:47]:
> I.e., configure the non-prod system to be identical to prod except for
> the IP address (d'oh) and test with the hosts-file override (as you're
> doing).
"Identical" above includes setting the future-prod SP's entityID value
to the current-prod SP's entityID (because that is and will remain the
SAML name of the prod SP, no?) -- and ideally copy over and use its
keys (sp-key.pem/sp-cert.pem if you haven't changed their names), too.
If then the host name in DNS is also migrated over (i.e., future-prod
is configured with current-prod's host name and DNS eventually falls
in line) there should be no reason to change any SAML Metadata at all.
-peter
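
An added example, not part of the original message: one way to confirm that the future-prod SP presents the same entityID, keys and endpoints as current-prod is to compare the metadata each one produces. The function names, the example.org values and the placeholder certificate bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize(metadata_xml):
    """Pull out what an IdP relies on: entityID, key fingerprints, ACS endpoints."""
    root = ET.fromstring(metadata_xml)
    tag = "{%s}EntityDescriptor" % NS["md"]
    entity = root if root.tag == tag else root.find(".//md:EntityDescriptor", NS)
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    certs = set()
    for node in entity.iterfind(".//ds:X509Certificate", NS):
        der = base64.b64decode("".join((node.text or "").split()))
        certs.add(hashlib.sha256(der).hexdigest())
    acs = {(e.get("Binding"), e.get("Location"))
           for e in entity.iterfind(".//md:AssertionConsumerService", NS)}
    return {"entityID": entity.get("entityID"), "cert_sha256": certs, "acs": acs}

def diff_metadata(current_prod_xml, future_prod_xml):
    """Return the names of the fields that differ; empty means nothing to re-register."""
    cur, fut = summarize(current_prod_xml), summarize(future_prod_xml)
    return [field for field in cur if cur[field] != fut[field]]

def sample_metadata(entity_id, host, cert_bytes):
    """Constructed sample; cert_bytes are placeholder bytes, not a real certificate."""
    cert = base64.b64encode(cert_bytes).decode()
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="{entity_id}"><md:SPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{cert}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="1"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://{host}/Shibboleth.sso/SAML2/POST"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":
    prod = sample_metadata("https://sp.example.org/shibboleth", "sp.example.org", b"prod-key")
    clone = sample_metadata("https://sp.example.org/shibboleth", "sp.example.org", b"prod-key")
    fresh = sample_metadata("https://new.example.org/shibboleth", "sp.example.org", b"new-key")
    print("clone differs in:", diff_metadata(prod, clone))
    print("fresh install differs in:", diff_metadata(prod, fresh))
```

An empty result means the IdP side sees no difference between the two systems; any field listed would require a metadata update at the IdP or federation.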