- Created by Albert Wu (internet2.edu), last modified on Jul 10, 2020
Jump to:
About the InCommon Metadata Service
The InCommon Metadata Service provides a secure and trusted mean to introduce Identity Providers (IdP) and Service Providers (SP) to each other and to exchange critical organizational identity, service location/capability, and contact information.
The metadata (InCommon Metadata) published through this service is the trusted registry of that exchange and introduction. In a very real sense, the InCommon Metadata powers the Federation.
Using the InCommon metadata
The InCommon Federation gathers entity metadata submitted by Participants, combines them with published metadata from the eduGAIN global inter-federation, and distributes the combined dataset via a real-time metadata query service based on the Metadata Query Protocol (MDQ). Visit the new InCommon Metadata Service Wiki for details on how to use MDQ to retrieve published metadata.
Managing your InCommon metadata
When signing the InCommon Participation Agreement, a Participant agrees to provide accurate entity metadata for its IdP and SP to the InCommon Federation. InCommon staff, as the Federation Operator, validates the submitted metadata and publishes it to the registry. This process ensures the security and integrity of the SAML protocol exchanges used throughout the federation.
InCommon Federation participants can upload and manage its entity metadata via Federation Manager.
Technical information on metadata format
InCommon metadata conforms to the OASIS SAML V2.0 Metadata specification and is schema-valid against the OASIS SAML V2.0 Metadata schema, which is an XML Schema. A handful of extension schema published by OASIS are supported as well.
InCommon metadata is translated from XML to JSON on a daily basis. The latter are used to render the Federation Info Pages. See the wiki topic on Metadata-Driven Web Pages for more information.
A secure, offline metadata signing process aggregates metadata registered by InCommon Participants together with metadata imported from eduGAIN and pushes the signed metadata aggregates to a secure, publicly accessible metadata server.
Further Reading
- Best practices when consuming InCommon metadata
- Publish metadata in InCommon
- Metadata signing process
- Managing trust in keys used for metadata
- Metadata-Driven Web Pages
- Shibboleth documentation on metadata
configure Download InCommon metadata
In this section
- Download InCommon Metadata
- Best practices when consuming InCommon metadata
- Publish metadata in InCommon
- Metadata Registration Practice Statement
Related content
-
Page:
-
Page:
-
Page:
-
Page:
-
Page:
-
Page:
Get help
Can't find what you are looking for?