...
The simpleSAMLphp metarefresh module will refresh and verify metadata automatically. Signature verification depends on the fingerprint of the signing certificate, so the fingerprint configured in the metarefresh module must be updated before migrating simpleSAMLphp to one of the new metadata aggregateaggregates.
| Warning | ||
|---|---|---|
| ||
It is known that versions of simpleSAMLphp prior to version 1.11 are not compatible with SHA-2. You will need to upgrade to simpleSAMLphp 1.11 (or later) before migrating to the new production metadata aggregate. |
...
| Note | ||
|---|---|---|
| ||
If your simpleSAMLphp deployment is not compatible with SHA-2, and you migrate to the new fallback metadata aggregate, start planning now to upgrade to simpleSAMLphp 1.11 your simpleSAMLphp installation and migrate to the new production metadata aggregate ASAP (but no later than June 30, 2014). Note: simpleSAMLphp 1.12 is due to be released in December 2013. You may want to wait for this release since it includes improvements to the metarefresh module. |
How does this implementation plan affect Microsoft AD FS 2.0 deployments?
...