Pointing CAS at MDQ requires a few updates to the InCommon service definition.

Navigate to your Apereo CAS server’s Service Registry storage location. The example below is for file-based storage of the CAS JSON service definitions; if you’ve configured a different Service Registry storage type and location, then you’ll need to find the InCommon definition(s) there. The configuration itself should be the same.

Get the metadata signing key

Download and place the production signing key in the credentials folder of the IdP and name it inc-md-cert-mdq.pem.



In the InCommon JSON definition, update the metadata URL (the metadataLocation property in the definition below) and the metadataSignatureLocation configuration. Note that the metadata URL must be exactly as shown below, but the metadataSignatureLocation should point to the MDQ InCommon signing certificate downloaded in the step above.


Add a trust group by metadata URL
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : ".+",
  "id" : "456",
  "name" : "InCommon_SP",
  "description" : "InCommon",
  "evaluationOrder" : "1400",
  "metadataLocation" : "https://mdq.incommon.org/entities/{0}",
  "metadataSignatureLocation" : "file:/etc/cas/services/sp-metadata/inc-md-cert-mdq.pem",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ChainingAttributeReleasePolicy",
    "policies" : [ "java.util.ArrayList", [
      {
        "@class" : "org.apereo.cas.support.saml.services.EduPersonTargetedIdAttributeReleasePolicy",
        "salt" : "mysalthere",
        "attribute" : "uid"
      },
      { "@class" : "org.apereo.cas.support.saml.services.InCommonRSAttributeReleasePolicy" },
      { "@class" : "org.apereo.cas.support.saml.services.RefedsRSAttributeReleasePolicy" }
    ] ]
  }
}


After making the change, the Apereo CAS server should reload the service definition automatically (by default after 2 minutes), and you should be able to test an InCommon service.
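
A pre-deployment check for the InCommon definition, added here as an example (it is not part of CAS or of the referenced article): it confirms that metadataLocation is exactly the MDQ URL and that metadataSignatureLocation names a readable PEM file, since a definition without a signing key fetches MDQ metadata without validating its signature. It assumes the definition is strict JSON as in the example above; check_definition and read_pem are hypothetical names.

```python
import json
from pathlib import Path
from urllib.parse import urlparse

MDQ_URL = "https://mdq.incommon.org/entities/{0}"  # value given on this page
SAML_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"
# Assumption: the signing key file is a PEM certificate or PEM public key.
PEM_HEADERS = ("-----BEGIN CERTIFICATE-----", "-----BEGIN PUBLIC KEY-----")


def read_pem(path):
    """Return the file's text, or None if it cannot be read."""
    try:
        return Path(path).read_text(errors="replace")
    except OSError:
        return None


def check_definition(text, reader=read_pem):
    """Return findings for one service definition (assumed strict JSON)."""
    svc = json.loads(text)
    if svc.get("@class") != SAML_CLASS:
        return []  # not a SAML service; nothing to check here
    findings = []
    loc = svc.get("metadataLocation", "")
    if loc != MDQ_URL:
        findings.append(f"metadataLocation is {loc!r}, expected {MDQ_URL!r}")
    sig = svc.get("metadataSignatureLocation", "")
    if not sig:
        findings.append("metadataSignatureLocation is not set, so fetched "
                        "metadata is not signature-validated")
        return findings
    url = urlparse(sig)
    if url.scheme != "file":
        findings.append(f"{sig!r} is not a file: URL; not checked on disk")
        return findings
    pem = reader(url.path)
    if pem is None:
        findings.append(f"signing key {url.path} is missing or unreadable")
    elif not pem.lstrip().startswith(PEM_HEADERS):
        findings.append(f"{url.path} does not look like a PEM certificate or key")
    return findings


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        for finding in check_definition(Path(name).read_text()):
            print(f"{name}: {finding}")
```

Run it with the path of the InCommon JSON file as its argument; no output means both settings passed.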

Reference: https://www.unicon.net/insights/blogs/migrate-to-incommon-mdq-apereo-cas-server