This table captures the current and future state of client software capable of requesting and consuming per-entity metadata via the Metadata Query Protocol.
Client Software | Supports MDQ protocol? | Notes on current capability | Security Model(s) | Known future capabilities or enhancements? |
---|---|---|---|---|
Shibboleth SP (current: V2.6.0) | Yes | See the Dynamic MetadataProvider topic in the Shibboleth wiki. This feature (first introduced in SP V2.0) is probably the most mature client implementation available. | XML Signature, TLS validation against explicit anchors | New "file://" feature in SP V2.6.0 |
Shibboleth IdP (current: V3.2.1) | Yes | See the DynamicHTTPMetadataProvider topic in the Shibboleth wiki. This feature (new in IdP V3.0.0) is mostly untested (which means there are probably bugs). | XML Signature, TLS validation against explicit anchors | New "file://" feature in IdP V3.3.0 |
SimpleSAMLphp (current: V1.14.78) | Yes | MDQ metadata handler merged on March 16, 2015. There is no formal documentation (search for "MDQ" in config.php). This feature is mostly untested. | XML Signature (via cert fingerprint) | |
ADFS 2.0 (Server 2008 and Server 2008 R2) * | No | ADFS will fetch and cache a single SAML EntityDescriptor at a configured endpoint location beginning with "https://" | TLS | |
ADFS 3.0 (Server 2012 R2) * | No | ADFS will fetch and cache a single SAML EntityDescriptor at a configured endpoint location beginning with "https://" | TLS | |
ADFS 4.0 (Server 2016 Tech Preview) * | No | ADFS will fetch and cache a single SAML EntityDescriptor at a configured endpoint location beginning with "https://" | TLS | This version may load an aggregate |
Ping | No | Ticket filed for next release to enable the needed 'Accept' header value. | TLS | |
...