Child pages
  • SimpleSAMLphp Metadata Config
Skip to end of metadata
Go to start of metadata

SimpleSAMLphp Metadata Configuration

SimpleSAMLphp includes a metarefresh module that will automatically refresh and verify federation metadata. The following example fetches the production metadata aggregate. See the Metadata Aggregates wiki page for other options.

Before you can verify the XML signature on a metadata aggregate, you need an authentic copy of the InCommon Metadata Signing Certificate. Do this first, before configuring simpleSAMLphp for metadata refresh.

The relevant portion of a sample configuration file (config-metarefresh.php) is shown below:

Configure the metarefresh module included with SimpleSAMLphp 1.11 (and later)
'incommon' => array(
	'cron'  => array('frequent'),
	'sources'   => array(
                array(
                    'src'   => 'http://md.incommon.org/InCommon/InCommon-metadata.xml',
                    'certificates' => array(
                        'incommon.crt',
                    ),
                    'template' => array(
                        'tags'  => array('all', 'incommon'),
                        'authproc' => array(
                            51 => array('class' => 'core:AttributeMap', 'oid2name'),
                        ),
                    ),
                ),
            ),
	'expireAfter'       => 60*60*24*7, // Maximum 7 days cache time.
	'outputDir'     => 'metadata/metarefresh/incommon',
	'outputFormat' => 'flatfile',
),
  • No labels