mace-opensaml-users - [OpenSAML] certificate management

Subject: OpenSAML user discussion

List archive

[OpenSAML] certificate management

From: Chris Card <>
To: <>
Subject: [OpenSAML] certificate management
Date: Fri, 7 Jan 2011 13:15:10 +0000
Importance: Normal

Hi,
do the SAML specs give any guidance on how to manage certificates used to verify signatures on AuthnRequests and Assertions, especially in
the case where there are multiple IDPs talking to an SP. For example, if the SP certificate changes, the consequent metadata change must be propagated to all
the IDPs, and while the propagation is happening there's a time window where it's possible that an IDP will reject an AuthnRequest because it hasn't received the new certificate.

Chris

[OpenSAML] signing performance, Chris Card, 01/06/2011
- RE: [OpenSAML] signing performance, Cantor, Scott E., 01/06/2011
  - Re: [OpenSAML] signing performance, Nick Newman, 01/06/2011
    - RE: [OpenSAML] signing performance, Cantor, Scott E., 01/06/2011
  - RE: [OpenSAML] signing performance, Chris Card, 01/06/2011
    - RE: [OpenSAML] signing performance, Cantor, Scott E., 01/06/2011
      - RE: [OpenSAML] signing performance, Chris Card, 01/06/2011
        
        Re: [OpenSAML] signing performance, Cantor, Scott E., 01/06/2011
        
        RE: [OpenSAML] signing performance, Chris Card, 01/07/2011
        
        Re: [OpenSAML] signing performance, Chad La Joie, 01/07/2011
        
        [OpenSAML] certificate management, Chris Card, 01/07/2011
        
        Re: [OpenSAML] certificate management, Chad La Joie, 01/07/2011
        RE: [OpenSAML] certificate management, Chris Card, 01/07/2011
        RE: [OpenSAML] certificate management, Cantor, Scott E., 01/07/2011
        
        Re: [OpenSAML] certificate management, Tom Scavo, 01/07/2011
    - Re: [OpenSAML] signing performance, Brent Putman, 01/06/2011

List archive

[OpenSAML] certificate management