...

  1. Configure the SP software as follows:
    1. Continue to use the old key as a signing key, a TLS key, and/or a decryption key
    2. In addition, use the new key as a decryption key only
  2. Update the SP metadata as follows:
    1. Add a new <md:KeyDescriptor> element (with no use XML attribute)
    2. Change the old <md:KeyDescriptor> element to an <md:KeyDescriptor use="signing"> element
  3. Wait for the newly updated metadata to propagate throughout the Federation. Two weeks is safe, although longer times may be needed, depending on the operational practices of your partners.
  4. Configure the SP software as follows:
    1. Use the new key as a signing key, a TLS key, and/or a decryption key
    2. Discontinue use of the old key
  5. Remove the old <md:KeyDescriptor use="signing"> element from SP metadata.
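
A check for the metadata side of the procedure above, as an added example that is not part of the original page: it parses SP metadata and reports whether the <md:KeyDescriptor> elements match the mid-rollover state that step 2 produces. The entityID, certificate placeholders, and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed SP metadata as it should look after step 2; the entityID and
# certificate bodies are placeholders, not real values.
STEP2_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>OLD-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>NEW-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def key_uses(metadata_xml):
    """Map each certificate to the set of uses a relying party will apply."""
    uses = {}
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        cert = "".join(kd.findtext(".//ds:X509Certificate", "", NS).split())
        use = kd.get("use")
        # A KeyDescriptor with no use attribute is valid for both purposes.
        uses.setdefault(cert, set()).update([use] if use else ["signing", "encryption"])
    return uses

def rollover_phase(metadata_xml):
    """Classify metadata against the rollover steps described above."""
    uses = key_uses(metadata_xml)
    enc = [c for c, u in uses.items() if "encryption" in u]
    sig = [c for c, u in uses.items() if "signing" in u]
    if len(uses) == 1 and len(enc) == 1 and len(sig) == 1:
        return "single key (before step 2 or after step 5)"
    if len(uses) == 2 and len(enc) == 1 and len(sig) == 2:
        return "mid-rollover (after step 2)"
    return "unexpected: review KeyDescriptor use attributes"
```

If the old element is left without use="signing", both keys remain advertised for encryption and the check reports the unexpected state.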

...