Changing IDP Metadata Cert

[Cantor, Scott]

On 8/16/22, 4:24 PM, "users on behalf of Jason Rotunno via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:

>    Thanks, Scott. That's actually helpful.

Well, at least not wasted time then.

The problem is that the "best" ways to tackle the whole problem involve some pretty advanced approaches to configuring the IdP that we need to put together more how-tos on because it's very hard to get across what you can do with the system in a simple email.

Basically it's possible to construct beans that represent the security configuration, including the signing key, and you can attach tags to the metadata for SPs that identify which security config to use, or default to the standard one.

That's where you want to be and we probably need to start shipping some defaults that lay all that out so it's easier to adopt that approach.

-- Scott