
metadata-support - Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata

Subject: InCommon metadata support

  • From: Nick Roy
  • Subject: Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata
  • Date: Fri, 28 Aug 2015 16:27:04 +0000

Any partner you federate with via InCommon or any bi-lateral configuration
you have done, which does not run one of the two known implementations that
support key-rollover (Shibboleth and SimpleSAMLphp), will require an outage
to support IdP key rollover. The duration of the outage will depend on how
you roll this out, the degree of customization you can do to relying party
configs on your new appliance-based IdP, and how good your communication with
those SPs is. Not to mention whether you know which ones you have and the
characteristics of their SP implementations.

As Scott says, try to avoid IdP key rollover if you can avoid it.

Nick



On 8/28/15, 9:12 AM, "Cantor, Scott" wrote:

>On 8/28/15, 11:04 AM, "Esquivel, Vince" wrote:
>
>>Are you referring to other SPs that use our IDP that are not members of
>>InCommon?
>
>Not exclusively. Membership in InCommon does not imply use of the metadata.
>Even presence in the metadata does not imply consumption of the metadata.
>And consuming the metadata doesn't imply correct consumption of it. That's
>just how it is.
>
>-- Scott
>


