
metadata-support - RE: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata

Subject: InCommon metadata support

  • From: "Esquivel, Vince" <>
  • To: "" <>
  • Subject: RE: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata
  • Date: Fri, 28 Aug 2015 14:13:04 +0000
  • Accept-language: en-US

Scott,


>Hi Vince,

>On Fri, Aug 28, 2015 at 8:36 AM, Esquivel, Vince <> wrote:
>> I am going to be moving my current IDP (on shibboleth) to a new server
>> (third party appliance) and the entity ID will remain the same.
>Are you upgrading to Shibboleth IdP V3 [1] at the same time?

The appliance we are moving to will be IdP V2 and not V3. That will happen
at a later time, since the appliance doesn’t support V3 yet.


>> What will be changing is the metadata
>The general strategy is to change as little as possible. The fact that you
>are not changing the entityID is a Very Good Thing.

Yeah, the new metadata will be created on the SAML 2 appliance using the
current entityID.

>> and signing certificate for this IDP.
>Be sure to *migrate* a new signing certificate into metadata. [2] Do not
>simply replace the old certificate with the new certificate.

I learned my lesson the hard way on this one, so I will be migrating the new
cert.


>> We are
>> members of InCommon and I was needing to know what the gotchas will be
>> from doing this method of migration?
>Do you intend to change the SAML protocol endpoints in metadata? You should
>avoid that if possible. Refer to [1] for details.

I do not intend to change the endpoints since we will be using V2.


Vince


