Migrating a Service Provider

Ideally the metadata of a Service Provider do not change during migration. We recommend to

  • preserve the SP's FQDN (and thus the old binding URLS). Change the name server entry instead, or move the IP address to the new server. If you cannot preserve the host name, go to the metadata administration tool and add the new binding URLs - additionally to the old ones. During migration the old and the new binding URLs are published in parallel.
  • preserve the certificate and private key. If you have to use a new key (and a new certifcate) for SAML-based communication please follow the step by step guide for certificate rollover.
  • make sure the SP's EntityID stays the same. On the Identity Providers' side attribute release is tied to the EntityIDs of Service Providers. To modify it would mean that all IdPs you are working with would have to be reconfigured.
  • Last modified: 5 years ago