The use of long-lived, self-signed certificates in metadata is strongly recommended. According to the SAML2int and MetaIOP profiles, the certificate in a KeyDescriptor is only a container for the public key: relying parties must not validate the certificate itself (expiry date, issuer, or chain to a CA). Trust in the key comes from the signed federation metadata in which it is published, so an expired or self-signed certificate is not an error, and a key rollover is performed by publishing the new key in metadata rather than by renewing the certificate.

...

1. Create a new key pair (and a long-lived, self-signed certificate for it) that is compliant with the federation's requirements, for example on key type and size.

2. Create a copy of the metadata already published in the federation and add a new KeyDescriptor element containing the new public key certificate. The metadata should now contain both the old and the new KeyDescriptor elements. If there is one KeyDescriptor for signing and one for encryption, do this for both.
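
As an added worked example (it is not part of the original page or of any federation's tooling), the following Python script performs step 2 on a constructed metadata document: it adds a rollover KeyDescriptor carrying the new certificate next to every existing KeyDescriptor, for each role descriptor and for each `use` value (signing, encryption, or no `use` attribute, which means both). The entity IDs, the certificate strings and the `openssl` command line in the comment are placeholders and assumptions; the certificate values are not real DER data.

```python
"""Add a rollover KeyDescriptor to SAML 2.0 metadata (step 2 of the procedure)."""
from typing import Optional
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Step 1 (not run here, shown as an assumption): a long-lived self-signed certificate, e.g.
#   openssl req -x509 -newkey rsa:3072 -nodes -days 3650 \
#       -subj "/CN=idp.example.org" -keyout new.key -out new.crt
# Check the federation's key type/size requirements before choosing parameters.

# Constructed placeholder certificate values (not real certificates).
OLD_CERT = "OLDCERTBASE64PLACEHOLDER"
NEW_CERT = "NEWCERTBASE64PLACEHOLDER"

# Constructed sample metadata: an IdP with separate signing/encryption keys and an SP
# with a single KeyDescriptor without a `use` attribute (valid for both purposes).
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{DS}">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{OLD_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{OLD_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.org/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{OLD_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.org/acs" index="0"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def pem_to_b64(pem: str) -> str:
    """Strip PEM armour and whitespace; ds:X509Certificate carries bare base64."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    return "".join(line for line in lines if line and not line.startswith("-----"))


def _key_descriptor(cert_b64: str, use: Optional[str]) -> ET.Element:
    """Build <md:KeyDescriptor [use=...]><ds:KeyInfo><ds:X509Data><ds:X509Certificate>."""
    kd = ET.Element(f"{{{MD}}}KeyDescriptor")
    if use is not None:
        kd.set("use", use)
    key_info = ET.SubElement(kd, f"{{{DS}}}KeyInfo")
    x509_data = ET.SubElement(key_info, f"{{{DS}}}X509Data")
    ET.SubElement(x509_data, f"{{{DS}}}X509Certificate").text = cert_b64
    return kd


def key_descriptors(metadata_xml: str) -> list:
    """List (role local name, use or None, certificate base64) in document order."""
    out = []
    for role in ET.fromstring(metadata_xml).iter():
        for kd in role.findall(f"{{{MD}}}KeyDescriptor"):  # direct children only
            cert = kd.findtext(f".//{{{DS}}}X509Certificate") or ""
            out.append((role.tag.split("}")[1], kd.get("use"), pem_to_b64(cert)))
    return out


def add_rollover_key(metadata_xml: str, new_cert: str) -> str:
    """Add the new certificate beside the existing KeyDescriptors of every role, once per use."""
    new_cert = pem_to_b64(new_cert)
    root = ET.fromstring(metadata_xml)
    # Collect roles first so the tree is not modified while being iterated.
    roles = [e for e in root.iter() if e.findall(f"{{{MD}}}KeyDescriptor")]
    for role in roles:
        kds = role.findall(f"{{{MD}}}KeyDescriptor")
        present = {pem_to_b64(k.findtext(f".//{{{DS}}}X509Certificate") or "") for k in kds}
        if new_cert in present:
            continue  # already rolled for this role: do not publish the key twice
        uses = []
        for k in kds:
            if k.get("use") not in uses:
                uses.append(k.get("use"))  # None means signing and encryption
        # The schema places KeyDescriptor before the endpoints, so insert after the last one.
        pos = list(role).index(kds[-1]) + 1
        for i, use in enumerate(uses):
            role.insert(pos + i, _key_descriptor(new_cert, use))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(add_rollover_key(SAMPLE_METADATA, NEW_CERT))
```

The old KeyDescriptors are deliberately left in place: relying parties that consume the federation metadata need to see both keys until every one of them has refreshed its copy, which is why the later steps of the procedure, not shown here, remove the old key only after that has happened.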

...