...
| Warning | ||
|---|---|---|
| ||
Verifying the signature on a SAML metadata file does not verify the expiration date(s). The only way to do that is to parse the XML. |
...
If you plan on using the Shibboleth software for the purposes of federation, you can in fact also use Shibboleth to download and verify the signed metadata without having to rely on any other tools. Regardless of your implementation, however, you can always set up a cron job to refresh your metadata, but in that case you will also need a tool to verify the XML signature at the time of refresh and another tool to prune expired metadata from the aggregate.
Apart from this refresh process, your software implementation needs to be configured to consume the InCommon metadata. Exactly how this is done depends on your implementation of course. Instructions how to configure Shibboleth for metadata consumption are provided elsewhere in this wiki. Also, see the resources linked below for related information.
...