Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

Since each key found is evaluated, new keys can be introduced by registering them in metadata, waiting a pre-defined period of time for the change to propagate, and then finally deploying the new signing key.

Known Issues

Currently all versions Versions of the ShibOnedotThree C++ ServiceProvider prior to the latest, 1.3.1, mistakenly ignore any <md:KeyDescriptor> without a use attribute set to "signing". A future patch will correct . 1.3.1 corrects this and permit permits descriptors with no use attribute to be applied.

...

Note: As of version 1.3.1 (currently IdP only), the behavior is now identical to the ExplicitKeyTrustEngine, except that the <ds:RetrievalMethod> element is not supported. Otherwise, the behavior is as described below.

...