Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space mdqedit and version 1.2

Accessing the production InCommon metadata using MDQ query

The production InCommon Metadata Service is available at:

Code Block
languagexml
https://mdq.incommon.org

The service supports the MDQ query protocol, which enables you to look up individual entity's metadata using its entity ID. To query, connect to the MDQ location with the following query string syntax:

Code Block
languagexml
https://mdq.incommon.org/entities/<$entityID>

where <$entityID> is the URL-encoded string of the entity ID you are searching. If you are searching for entity ID: https://acme.org/idp, the web query would be:

Code Block
languagexml
https://mdq.incommon.org/entities/http%3A%2F$2Facmehttps%2F%2Facme.org%2Fidp

Fully federation ready software such as Shibboleth, has built in support for the MDQ protocol. They may have configuration options to help simplify implementation. See:

Retrieving metadata as aggregates

In addition to the querying feature, the Metadata Service produces two aggregates for bulk download. They can be used in place of the legacy InCommon aggregates should you not be able to take advantage of the MDQ query protocol. The IdP-only aggregate, in particular, is useful for discovery services to retrieve/list IdPs in the federations in the discovery UI.

Configure your client with an aggregate below just like you would any hosted metadata, or how you had previously configured your client to use the legacy InCommon aggregates.

You will need to configure your clients to use new signing keys issued for the environment you wish to download metadata from. The aggregates available are:

Aggregates for the Production environment

NameURLDescription
All Entitieshttps://mdq.incommon.org/entitiesAll entities. This is akin to the legacy main aggregate available at http://md.incommon.org/InCommon/InCommon-metadata.xml
IdP Onlyhttps://mdq.incommon.org/entities/idps/allIdP-only aggregate. This is akin to the legacy IdP-only aggregate available at http://md.incommon.org/InCommon/InCommon-metadata-idp-only.xml

Validate the signing key

Signing key: Metadata signing key for the production environment.

Related content

Content by Label
showLabelsfalse
max10
showSpacefalse
cqllabel in ("mdq","mdq-service","metadata-service") and space in (currentSpace(),"federation")


Get help

Can't find what you are looking for?

Button Hyperlink
iconhelp
titleAsk the community
typeprimary
urlfederation:ask-the-community