
mace-opensaml-users - RE: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?

Subject: OpenSAML user discussion

  • From: "Gina Choi" <>
  • To: <>
  • Subject: RE: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?
  • Date: Thu, 28 Apr 2011 15:45:57 -0400

Hi Scott,

The link that you previously sent me was very helpful. I got some idea about
how to handle the expiration date of the certificate.


Thanks.

Gina

-----Original Message-----
From: [mailto:] On Behalf Of Cantor, Scott E.
Sent: Thursday, April 28, 2011 12:44 PM
To:
Subject: RE: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?

> Thanks for all your responses. I am a Service Provider. The application that
> we provide to our clients is not sensitive, so I am not planning to make a
> complex validation.

Until they change the app or your code gets copied around as an example or
approach for some other app.

> My identity provider is Microsoft ADFS 2.0 and my
> application is receiving SAML 2.0 tokens from ADFS and I don't use any other
> third party product. I exported token signing certificate from ADFS and
> placed it in my application (SP). The signing certificate has an expiration
> date of one year. My worry is after one year what happens? Will it keep working
> as normal or will something break?

That's up to you. And what happens if and when they change it?

You need to read what I provided as background. It's not optional if you're
implementing SAML (or anything else involving keys for trust management).

-- Scott



