Hello,
We have a new certificate on engine to perform a key rollover and it's working fine for the IDPs.
But for the SPs we are having some issues.
To add the key rollover we add the new certificate to /etc/openconext/engineblock.ini like below:
; Additional keys for easy key rollover
encryption.keys.20200211.privateFile = /etc/openconext/engineblock.20200211.key
encryption.keys.20200211.publicFile = /etc/openconext/engineblock.20200211.crt
After refreshing engine cache we can see the new links for the new key:
In our case, the link (https://engine.qua.rctsaai.pt/authentication/idp/metadata/key:20200211) with the new key has the SingleSignOnService endpoint https://engine.qua.rctsaai.pt/authentication/idp/single-sign-on
Shouldn't the SingleSignOnService endpoint be something like https://engine.qua.rctsaai.pt/authentication/idp/single-sign-on/key:20200211?
Regards,
Domingos