metadata-support - Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata
Subject: InCommon metadata support
List archive
- From: "Cantor, Scott" <>
- To: "" <>
- Subject: Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata
- Date: Fri, 28 Aug 2015 14:19:20 +0000
- Accept-language: en-US
- Authentication-results: spf=pass (sender IP is 164.107.81.210) smtp.mailfrom=osu.edu; incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=bestguesspass action=none header.from=osu.edu;incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=bestguesspass action=none header.from=osu.edu;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:23
On 8/28/15, 10:13 AM,
"
on behalf of Esquivel, Vince"
<
on behalf of
>
wrote:
>The appliance we are moving to will be IdP V2 and not V3. That will happen
>at a later time, since the appliance doesn’t support V3 yet.
My mistake, I thought appliance != Shibboleth. Different situation then. In
that case, what you really want to do is make this change transparently, test
with /etc/hosts changes, and then do a cutover in DNS and that's it.
Do not change the key. Just don't. If they tell you you have to, push back
and refuse, and if they still won't budge, you should be getting them to
provide free professional services to cover all the extra work with
non-metadata-aware vendors to change the key.
>>Be sure to *migrate* a new signing certificate into metadata. [2] Do not
>>simply replace the old certificate with the new certificate.
>
>I learned my lesson the hard way on this one, so I will be migrating the new
>cert.
I wouldn't do it, but it's your time.
>I do not intend to change the endpoints since we will be using V2
Meaning you understand changing the DNS name in them would be bad? That would
involve changing the endpoints. When you said the metadata would be changing,
it sounded like that meant not just the key.
-- Scott
- [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Tom Scavo, 08/28/2015
- Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Cantor, Scott, 08/28/2015
- RE: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Esquivel, Vince, 08/28/2015
- Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Cantor, Scott, 08/28/2015
- RE: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Esquivel, Vince, 08/28/2015
- Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Cantor, Scott, 08/28/2015
- RE: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Esquivel, Vince, 08/28/2015
- Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Cantor, Scott, 08/28/2015
- Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Nick Roy, 08/28/2015
- Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Cantor, Scott, 08/28/2015
- RE: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Esquivel, Vince, 08/28/2015
- Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Cantor, Scott, 08/28/2015
- RE: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Esquivel, Vince, 08/28/2015
- Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata, Cantor, Scott, 08/28/2015
Archive powered by MHonArc 2.6.16.