Expiring IDP signing certificate

Cantor, Scott cantor.2 at osu.edu
Fri Jun 3 18:00:15 UTC 2022

On 6/3/22, 1:29 PM, "users on behalf of Les LaCroix via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:

> I have an old campus SP that I wanted to start publishing via InCommon before switching it over to using our
> Cirrus social login proxy. The SP has an expired cert. Federation Manager said no. I was sad. But I got over it.

I do think that's a mistake. The relevant standard (and it is, it's not a draft or a non-final spec, it is literally an OASIS standard now) is absolutely crystal clear that expiration CANNOT matter. I don't think the federation in adopting that should be precluding something that's clearly allowed by it. But that's just a personal opinion.

-- Scott
