[Openid-specs-fastfed] SAML certificate rotation
Tim Cappalli
Tim.Cappalli at microsoft.com
Wed Jun 9 19:00:40 UTC 2021
Hi all,
In the Enterprise SAML Profile for FastFed spec, the certificate rotation options are specified as:
1) periodic poll (the application provider (SAML SP) periodically polls the IdP’s metadata doc and looks for changes)
2) fail then poll (if validation of a SAML assertion’s signature fails, the application provider (SAML SP) reaches out to the SAML metadata endpoint and looks for changes, then re-evaluates the signature)
For those who are planning their implementation (or have one already), which method are you planning to use and why?
Thanks for the feedback!
tim
Tim Cappalli | @timcappalli
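
Added example, not part of the original message or the FastFed spec: a sketch of both rotation options on the SP side, where "fail then poll" re-fetches metadata at most once per interval so that bad signatures cannot drive unlimited outbound fetches. Assumptions: HMAC stands in for XML signature verification, and `IdpMetadata`, `ServiceProvider` and `min_refresh_interval` are hypothetical names.

```python
import hashlib, hmac, time

def sign(key, assertion):
    """Stand-in for XML signature creation/verification (assumption)."""
    return hmac.new(key, assertion, hashlib.sha256).digest()

class IdpMetadata:
    """Constructed stand-in for the IdP's SAML metadata endpoint."""
    def __init__(self, key):
        self.signing_keys, self.fetches = [key], 0

    def fetch(self):
        self.fetches += 1
        return list(self.signing_keys)

class ServiceProvider:
    def __init__(self, idp, min_refresh_interval=300, clock=time.monotonic):
        self.idp, self.clock = idp, clock
        self.min_refresh_interval = min_refresh_interval  # seconds; added safeguard
        self.poll()

    def poll(self):
        # Option 1 (periodic poll): call this on a timer to pick up changes.
        self.trusted = self.idp.fetch()
        self.last_refresh = self.clock()

    def _verify(self, assertion, sig):
        return any(hmac.compare_digest(sign(k, assertion), sig) for k in self.trusted)

    def validate(self, assertion, sig):
        # Option 2 (fail then poll): on failure, re-fetch once and re-evaluate.
        if self._verify(assertion, sig):
            return True
        if self.clock() - self.last_refresh < self.min_refresh_interval:
            return False  # refreshed recently: reject without another fetch
        self.poll()
        return self._verify(assertion, sig)

def demo():
    now = [0.0]  # fake clock so the run is deterministic
    idp = IdpMetadata(b"old-key")
    sp = ServiceProvider(idp, clock=lambda: now[0])
    msg = b"<Assertion>constructed sample</Assertion>"
    idp.signing_keys = [b"new-key"]  # IdP rotates its signing key
    now[0] = 400
    recovered = sp.validate(msg, sign(b"new-key", msg))     # triggers one re-fetch
    rejected = sp.validate(msg, sign(b"unknown-key", msg))  # no further fetch
    return recovered, rejected, idp.fetches
```
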