...
| Client Software | Supports MDQ protocol? | Notes on current capability | Security Model(s) | Known future capabilities or enhancements? |
|---|---|---|---|---|
| Shibboleth SP (current: V2.6.0) | Yes | See the Dynamic MetadataProvider topic in the Shibboleth wiki. This feature (first introduced in SP V2.0) is probably the most mature client implementation available. | XML Signature, TLS validation against explicit anchors | New "file://" feature in SP V2.6.0 |
| Shibboleth IdP (current: V3.2.1) | Yes | See the DynamicHTTPMetadataProvider topic in the Shibboleth wiki. This feature (new in IdP V3.0.0) is mostly untested (which means there are probably bugs). | XML Signature, TLS validation against explicit anchors | New "file://" feature in IdP V3.3.0  |
| SimpleSAMLphp (current: V1.14.7) | Yes | MDQ metadata handler merged on March 16, 2015. There is no formal documentation (search for "MDQ" in config.php). This feature is mostly untested. | XML Signature (via cert fingerprint) | |
| ADFS 2.0 (Server 2008 and Server 2008 R2) * | No | ADFS will fetch and cache a single SAML EntityDescriptor at a configured endpoint location beginning with "https://" | TLS | |
| ADFS 3.0 (Server 2012 R2) * | No | ADFS will fetch and cache a single SAML EntityDescriptor at a configured endpoint location beginning with "https://" | TLS | |
| ADFS 4.0 (Server 2016 Tech Preview) * | No | ADFS will fetch and cache a single SAML EntityDescriptor at a configured endpoint location beginning with "https://" | TLS | This version may load an aggregate |
| Ping * | No | Ticket filed for next release to enable the needed 'Accepts' header value. | TLS |
* Information is not verified by the vendor/developer and may not be accurate
...