There is a per-service option that seems to work:
https://apereo.github.io/cas/7.3.x/installation/Configuring-SAML2-DynamicMetadata.html#per-service
The SAML response still appears to have the default IdP cert in it, but the
SP needs the updated metadata certificate to function... I put new
metadata, cert, and key in the above directory.
Thank you,
Matt
On Thursday, October 23, 2025 at 11:24:04 AM UTC-4 Matthew Gordon wrote:
> Hello,
>
> Did this actually work, or is there a recommended solution?
>
> Thank you,
> Matt
>
> On Sunday, August 25, 2024 at 1:11:05 PM UTC-4 Ray Bon wrote:
>
>> Patryk,
>>
>> If you have a dev environment, you can check this. Maybe cat the old and
>> new keys/certs into idp-signing.{key,crt}
>>
>> Ray
>>
>> On Mon, 2024-08-12 at 03:33 -0700, Patryk Sondej wrote:
>>
>> Is rollover of IdP SAML 2.0 certs supported in CAS?
>> E.g. primary (old) + secondary (new)
>> Can't find anything in the documentation.
>>
>>
>>
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/dea2055c-7e88-43f4-b1db-d58bd6b04c89n%40apereo.org.