* 'Marko Himmel' via SimpleSAMLphp <simple...@googlegroups.com> [2021-04-07 14:03]:
> Hello. I'm new to SAML. Can someone tell me how I can automate the metadata
> for the SP? So with the addition of ValidUntil in the metadata. For example,
> renew every 7 days. Is there an example of this?

validUntil makes most sense with "sign & expire", cf. section 2.7 in
https://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop.html
(called "Repeatedly expiring (using a validUntil attribute) and
reissuing the metadata" there.)

Not sure doing that (either only expiring or signing with an untrusted
key & expiring regularly) makes sense for individual entities, though.
All of this depends on your trust model.

-peter
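
The expire-and-reissue cycle from this thread, as an added example that is not code from SimpleSAMLphp or from either poster: one function stamps a fresh validUntil on SP metadata, the other is the check a consumer would apply. The function names, the sample entityID and the 14-day acceptance limit are assumptions; signing is assumed to happen in a separate step after reissue(), and only the UTC "Z" form of validUntil is parsed.

```python
import datetime as dt
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD_NS)
FMT = "%Y-%m-%dT%H:%M:%SZ"  # assumption: validUntil is written in UTC with a trailing Z

# Constructed sample SP metadata (entityID and endpoint are placeholders).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/metadata" validUntil="2021-04-01T00:00:00Z">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def reissue(xml_text, now, days=7):
    """Publisher side: set validUntil to now + days. Run this before signing."""
    root = ET.fromstring(xml_text)
    if root.tag not in (f"{{{MD_NS}}}EntityDescriptor", f"{{{MD_NS}}}EntitiesDescriptor"):
        raise ValueError("root element is not SAML metadata")
    stamp = now.astimezone(dt.timezone.utc) + dt.timedelta(days=days)
    root.set("validUntil", stamp.strftime(FMT))
    return ET.tostring(root, encoding="unicode")

def check_validity(xml_text, now, max_days=14):
    """Consumer side: return 'ok', 'expired', 'missing' or 'too-long'."""
    # Only meaningful after the signature over this document has been verified
    # against a trusted key; an unsigned validUntil can be rewritten in transit.
    root = ET.fromstring(xml_text)
    value = root.get("validUntil")
    if value is None:
        return "missing"
    until = dt.datetime.strptime(value, FMT).replace(tzinfo=dt.timezone.utc)
    if until <= now:
        return "expired"
    if until - now > dt.timedelta(days=max_days):
        return "too-long"  # a far-future date defeats the point of expiring
    return "ok"
```

Run from a daily scheduled job, reissue() with days=7 keeps the published window rolling as long as the signing step follows it.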