As of release 3.11.0 of the InCommon Federation Manager software, it is now possible for Site Administrators to make bulk changes to their metadata for the purposes of meeting Baseline Expectations.
The following elements may be bulk updated via this user interface:
- Technical contact
- Security contact
- Administrative contact
This tool is specifically designed to allow Site Administrators to perform a bulk update of all SAML entity descriptors in their organization's metadata which may be missing elements required by InCommon's Baseline Expectations program. As such, note the following details:
- The tool only updates metadata elements that are missing in published entity descriptors. It does not affect entity descriptors with updates that have not been published. Please submit all needed metadata changes and wait for them to be published before using the tool. Once a missing element has been added to an entity descriptor, if it needs to be changed in the future, you cannot use this tool to accomplish that change.
- The tool does not update mdui:DisplayName since it would be invalid to set the same mdui:DisplayName for multiple entity descriptors. Missing mdui:DisplayName elements must be applied to individual entity descriptors which are missing them.
- Updates made through use of this tool are immediately approved for publication the next time InCommon signs metadata - you do not need to separately submit them to the RA for approval, and the RA does not need to approve the changes you submit using this tool.
To access this functionality in the Federation Manager, click the "Baseline Expectations Bulk Change" link in the Site Administrator Dashboard:
Note that if you have any metadata that has been updated but not submitted, you will first need to submit any changes. You will see the following error if you have any metadata that still needs submitting:
Next, fill in values for your LogoURL, PrivacyStatementURL and contacts. These values will be added to any published entity descriptors in your organization that are currently missing them. If you leave out one or more fields, the tool will only update entity descriptors with the information you have provided. You can then come back later and re-run the tool to add any additional missing elements:
In this example, we updated the privacy URL and logo but did not enter in any information for administrative contact. This will apply logo and privacy url values to all entities missing those fields and will not touch the administrative contact.
Hit the "Save" button to apply changes to your entity descriptors:
If there were any errors in the data entered, an error message will appear at the top along with detail near the field that did not meet validation:
In this case, we did not enter in a valid URL for the privacy statement. Once you have corrected the problem, you can hit Save again.
If the update was successful, you will see a list of entities that were updated:
Note that you do not need to submit metadata separately for these updates–all changed entities will be submitted and automatically approved for publication the next time InCommon publishes metadata.