- Created by Albert Wu (internet2.edu), last modified by Johnny Lasker on May 27, 2021
Accessing the production InCommon metadata using MDQ
The production InCommon Metadata Service is available at:
https://mdq.incommon.org
The service supports the MDQ protocol, which enables you to look up individual entity's metadata using its entity ID. To query, connect to the MDQ location with the following query string syntax:
https://mdq.incommon.org/entities/<$entityID>
where <$entityID> is the URL-encoded string of the entity ID you are searching. If you are searching for entity ID: https://acme.org/idp, the web query would be:
https://mdq.incommon.org/entities/https%3A%2F%2Facme.org%2Fidp
Fully federation ready software such as Shibboleth, has built in support for the MDQ protocol. They may have configuration options to help simplify implementation. See:
- Configure Shibboleth identity provider
- Configure Shibboleth service provider
- Prefetch an entity with Shibboleth
Retrieving metadata as aggregates
In addition to the querying feature, the Metadata Service produces two aggregates for bulk download. They can be used in place of the legacy InCommon aggregates should you not be able to take advantage of the MDQ protocol. The IdP-only aggregate, in particular, is useful for discovery services to retrieve/list IdPs in the federations in the discovery UI.
Configure your client with an aggregate below just like you would any hosted metadata, or how you had previously configured your client to use the legacy InCommon aggregates.
You will need to configure your clients to use new signing keys issued for the environment you wish to download metadata from. The aggregates available are:
Aggregates for the Production environment
| Name | URL | Description |
|---|---|---|
| All Entities | https://mdq.incommon.org/entities | All entities. This is akin to the legacy main aggregate available at http://md.incommon.org/InCommon/InCommon-metadata.xml |
| IdP Only | https://mdq.incommon.org/entities/idps/all | IdP-only aggregate. This is akin to the legacy IdP-only aggregate available at http://md.incommon.org/InCommon/InCommon-metadata-idp-only.xml |
Validate the signing key
Signing key: Metadata signing key for the production environment.
Related content
-
Page:
-
Home page:
-
Page:
-
Page:
-
Page:
-
Page:
-
Page:
-
Page:
-
Page:
-
Page:
Get help
Can't find what you are looking for?
4 Comments
Nicole Roy
Albert Wu (internet2.edu) I'm not sure of the proper way to edit this page given you're working on the space using scroll versions. I found a typo. "MDQ query" in the first subtitle should be either "metadata query" or "MDQ", not MDQ query since that's redundant.
Johnny Lasker
This has been updated. Thanks!
Donald Lohr
Please double check that the above indicated url
https://acme.org/idpwas not correctly encoded. It should be encoded as https%3A%2F%2Facme.org%2Fidp in lieu of https%2F%2Facme.org%2FidpJohnny Lasker
Thank you for this feedback, it has been updated.