Expiring IDP signing certificate
Cantor, Scott
cantor.2 at osu.edu
Thu Jun 9 12:45:26 UTC 2022
On 6/8/22, 5:08 PM, "users on behalf of Ullfig, Roberto Alfredo via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> I don't think this was mentioned but you can configure the Shibboleth IDP to support more than one signing
> private key - basing the key off of the relying party. We had to do this for one of our service providers that was
> having difficulty updating the public certificate. That SP continued to use the expired private key for a week or
> so.
I posted an example of the best way to deal with all this in the wiki last week.
https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/2986475557/MetadataDrivenConfigurationExamples
-- Scott