
metadata-support - [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata

Subject: InCommon metadata support

  • From: Tom Scavo <>
  • To: "" <>
  • Subject: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata
  • Date: Fri, 28 Aug 2015 09:00:06 -0400

Hi Vince,

On Fri, Aug 28, 2015 at 8:36 AM, Esquivel, Vince wrote:
>
> I am going to be moving my current IDP (on Shibboleth) to a new server (third
> party appliance) and the entity ID will remain the same.

Are you upgrading to Shibboleth IdP V3 [1] at the same time?

> What will be changing is the metadata

The general strategy is to change as little as possible. The fact that
you are not changing the entityID is a Very Good Thing.

> and signing certificate for this IDP.

Be sure to *migrate* a new signing certificate into metadata. [2] Do
not simply replace the old certificate with the new certificate.

> We are
> members of InCommon and I was needing to know what the gotchas will be from
> doing this method of migration?

Do you intend to change the SAML protocol endpoints in metadata? You
should avoid that if possible. Refer to [1] for details.

> What could be the expected service
> interruption to the SPs and any other things I need to look out for?

Well, that depends on your answers to the previous questions and
whether or not all your SP partners are refreshing metadata as
recommended by InCommon. [3]

Tom

[1] https://spaces.internet2.edu/x/GYtHBQ
[2] https://spaces.internet2.edu/x/dJiKAQ
[3] https://spaces.internet2.edu/x/JwQjAQ
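
Added example (not part of the original message and not InCommon or Shibboleth code): a check that compares an IdP's current metadata with the proposed metadata against the three points in the reply above: same entityID, same protocol endpoints, and a new signing certificate added alongside the old one rather than replacing it. It assumes that is what "migrate" means here; the function names, entityID, URLs and certificate strings are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize(xml_text):
    """Return (entityID, signing certs, endpoints) for the IdP role."""
    entity = ET.fromstring(xml_text)
    idp = entity.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    certs = set()
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no "use" attribute also applies to signing.
        if kd.get("use") in (None, "signing"):
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                # Strip whitespace so line-wrapped base64 compares equal.
                certs.add("".join((c.text or "").split()))
    endpoints = {(e.tag.split("}")[1], e.get("Binding"), e.get("Location"))
                 for e in idp if e.get("Location")}
    return entity.get("entityID"), certs, endpoints

def check_migration(old_xml, new_xml):
    """List what the proposed metadata changes that it should not."""
    old_id, old_certs, old_eps = summarize(old_xml)
    new_id, new_certs, new_eps = summarize(new_xml)
    checks = [(old_id != new_id, "entityID changed"),
              (not old_certs <= new_certs, "old signing certificate removed"),
              (not new_certs - old_certs, "no new signing certificate added"),
              (old_eps != new_eps, "protocol endpoints changed")]
    return [msg for failed, msg in checks if failed]

def sample_metadata(certs, host="idp.example.edu"):
    """Constructed metadata; certificate bodies are placeholder strings."""
    keys = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>{c}</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>' for c in certs)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}"'
            ' entityID="https://idp.example.edu/idp/shibboleth">'
            '<md:IDPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol">' + keys +
            '<md:SingleSignOnService Binding='
            '"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
            f'Location="https://{host}/idp/profile/SAML2/Redirect/SSO"/>'
            '</md:IDPSSODescriptor></md:EntityDescriptor>')

OLD = sample_metadata(["OLDCERT-CONSTRUCTED"])
print(check_migration(OLD, sample_metadata(["NEWCERT-CONSTRUCTED"])))
```

An empty list means the proposed metadata keeps the old signing certificate, adds a new one, and leaves the entityID and endpoints untouched.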


