InCommon metadata support

["Esquivel, Vince" <>]

Scott,


>Hi Vince,

>On Fri, Aug 28, 2015 at 8:36 AM, Esquivel, Vince 
><>
> wrote:
>>
> >I am going to be moving my current IDP(on shibboleth) to a new server 
> >(third party appliance) and the entity ID will remain the same.
>Are you upgrading to Shibboleth IdP V3 [1] at the same time?

The appliance we are moving to will be IdP V2 and not V3.  That will happen 
at a later time, since the appliance doesn’t support V3 yet.


>> What will be changing is the metadata
>The general strategy is to change as little as possible. The fact that you 
>are not changing the entityID is a Very Good Thing.

Yeah the new metadata will be created on the SAML 2 appliance using the 
current entityID  

>> and signing certificate for this IDP.
>Be sure to *migrate* a new signing certificate into metadata. [2] Do not 
>simply replace the old certificate with the new certificate.

I learned my lesson the hard way on this one, so I will be migrating the new 
cert.  


>> We are
>> members of InCommon and I was needing to know what the gotchas will be 
>> from doing this method of migration?
>Do you intend to change the SAML protocol endpoints in metadata? You should 
>avoid that if possible. Refer to [1] for details.

I do not intend to change the endpoints since we will be using V2


Vince