
metadata-support - Re: [Metadata-Support] Support for multiple certificates in Federation Manager?

Subject: InCommon metadata support

  • From: Nick Roy <>
  • To: metadata-suppo. <>
  • Subject: Re: [Metadata-Support] Support for multiple certificates in Federation Manager?
  • Date: Fri, 6 Sep 2019 17:49:28 +0000

Hi Jeffrey,

If you’re talking about IdP metadata, you are only allowed to add one or two dual-use (signing and encryption) keys to IdP metadata today. See my thread on this on , just started, to express your desires/use cases.



On 21 Aug 2019, at 11:46, Jeffrey J Ramsay wrote:

I am interested in this as well. We are unable to add our encryption certificate to our published metadata.


On Wed, Aug 21, 2019 at 12:17 PM Jesse Banning <> wrote:

I'm unable to find where to add a second certificate to an SP in FM. I also don't see a process for adding certs in the documentation. When I attempted to add a new cert by updating the SP, I was warned that the new cert would replace the existing one despite leaving the "delete" checkbox unchecked.

I'm sure FM must support multiple certificates in metadata, since that's necessary for certificate roll-over as well as for using different certs for signing and encryption.

Can anyone point me in the right direction (or to specific documentation) for configuring an SP with more than one certificate using Federation Manager?


Jesse Banning
Manager of Platform Integration
O'Reilly Media, Inc. (Boston Office)
(617)499-7575 |

Assistant Director
Business Systems
Binghamton University
