Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
en:shibspmigration [2019/09/12 10:27] Silke Meyeren:shibspmigration [2019/09/12 10:28] (current) Silke Meyer
Line 2: Line 2:
  
 Ideally the metadata of a Service Provider do not change during migration. We recommend to  Ideally the metadata of a Service Provider do not change during migration. We recommend to 
-  * preserve the SP's **FQDN** (and thus the old binding URLS). Change the name server entry instead, or move the IP address to the new server. If you cannot preserve the host name, go to the [[https://www.aai.dfn.de/verwaltung/|metadata administration tool]] and add the new binding URLs - additionally to the old ones. During migration the old and the new binding URLs are published in parallel.+  * preserve the SP's **FQDN** (and thus the old binding URLS). Change the name server entry instead, or move the IP address to the new server. If you cannot preserve the host name, go to the [[https://www.aai.dfn.de/en/administration/|metadata administration tool]] and add the new binding URLs - additionally to the old ones. During migration the old and the new binding URLs are published in parallel.
   * preserve the **certificate and private key**. If you have to use a new key (and a new certifcate) for SAML-based communication please follow the step by step guide for [[https://doku.tid.dfn.de/en:certificates#certificate_key_rollover_sp|certificate rollover]].   * preserve the **certificate and private key**. If you have to use a new key (and a new certifcate) for SAML-based communication please follow the step by step guide for [[https://doku.tid.dfn.de/en:certificates#certificate_key_rollover_sp|certificate rollover]].
   * make sure the SP's **EntityID** stays the same. On the Identity Providers' side attribute release is tied to the EntityIDs of Service Providers. To modify it would mean that all IdPs you are working with would have to be reconfigured.   * make sure the SP's **EntityID** stays the same. On the Identity Providers' side attribute release is tied to the EntityIDs of Service Providers. To modify it would mean that all IdPs you are working with would have to be reconfigured.
  
  • Last modified: 5 years ago