Internet2 is investigating a security incident involving a compromise to a confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Child pages
  • SimpleSAMLphp Metadata Config
Skip to end of metadata
Go to start of metadata

SimpleSAMLphp Metadata Configuration

SimpleSAMLphp includes a metarefresh module that will automatically refresh and verify federation metadata. The following example fetches the production metadata aggregate. See the Metadata Aggregates wiki page for other options.

Before you can verify the XML signature on a metadata aggregate, you need an authentic copy of the InCommon Metadata Signing Certificate. Do this first, before configuring simpleSAMLphp for metadata refresh.

The relevant portion of a sample configuration file (config-metarefresh.php) is shown below:

Configure the metarefresh module included with SimpleSAMLphp 1.11 (and later)
'incommon' => array(
	'cron'  => array('frequent'),
	'sources'   => array(
                array(
                    'src'   => 'http://md.incommon.org/InCommon/InCommon-metadata.xml',
                    'certificates' => array(
                        'incommon.crt',
                    ),
                    'template' => array(
                        'tags'  => array('all', 'incommon'),
                        'authproc' => array(
                            51 => array('class' => 'core:AttributeMap', 'oid2name'),
                        ),
                    ),
                ),
            ),
	'expireAfter'       => 60*60*24*7, // Maximum 7 days cache time.
	'outputDir'     => 'metadata/metarefresh/incommon',
	'outputFormat' => 'flatfile',
),
  • No labels