Query instead of "download"
The new InCommon Metadata Distribution Service is based on the Metadata Query (MDQ) protocol. A metadata consumer no longer needs to download the entire metadata aggregate, which significantly reduces system resource overhead and startup time.
To retrieve metadata using the MDQ-based Metadata Service, visit the new InCommon Metadata Service Wiki.
Simulating the legacy style metadata aggregate
If you previously (before 2020) downloaded the InCommon metadata aggregate and cannot switch over to querying individual entities using the MDQ protocol, the new Metadata Service provides an aggregate endpoint to simulate the legacy InCommon metadata aggregate. The aggregate endpoint is:
IMPORTANT: The new InCommon Metadata Service has a different signing key from the legacy service. If you had configured your service with the legacy key, make sure to update the metadata signing key. See "obtain an authentic copy of the InCommon metadata signing certificate".
Retrieving the IdP-only aggregate
InCommon produces a metadata aggregate containing only IdP entities. It enables discovery services to retrieve and cache the list of identity providers for display purposes.
The InCommon IdP-only aggregate endpoint is:
About the Export-only aggregate
About the "Fallback" aggregate
Verifying the metadata signature
To ensure you are retrieving properly vetted metadata from InCommon, always verify the signature on the metadata according to the instructions. Do not depend solely on HTTPS encryption for the security of your metadata downloads. To learn more, see consume-metadata-best-practice.
InCommon metadata is signed using the same metadata signing key and the SHA-256 digest algorithm. To verify the signature on an aggregate, a consumer must obtain an authentic copy of the InCommon metadata signing certificate.
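The following added example (not InCommon's code) shows policy checks a consumer can run alongside the cryptographic signature verification that its SAML software performs: the signature must cover the aggregate root, use SHA-256, and carry the certificate pinned from the authentic copy. The names `fingerprint` and `preflight`, the sample document, and the `-sha256` suffix test on the signature algorithm are assumptions made for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed sample: the "certificate" is placeholder bytes, not a real X.509 cert.
SAMPLE_CERT = base64.b64encode(b"constructed-not-a-real-certificate").decode()
SAMPLE = f"""<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="agg1" validUntil="2030-01-01T00:00:00Z">
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <ds:Reference URI="#agg1"><ds:DigestMethod Algorithm="{SHA256_DIGEST}"/></ds:Reference>
 </ds:SignedInfo><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
 </ds:X509Data></ds:KeyInfo></ds:Signature>
</EntitiesDescriptor>"""

def fingerprint(cert_text: str) -> str:
    """SHA-256 fingerprint of a certificate given as PEM or bare base64 DER."""
    body = "".join(part for part in cert_text.split() if "-----" not in part)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def preflight(xml_text: str, pinned_fp: str, now: datetime) -> list:
    """Return policy problems found; `now` must be timezone-aware."""
    problems = []
    root = ET.fromstring(xml_text)  # use a hardened XML parser for untrusted input
    sigs = root.findall(DS + "Signature")
    if len(sigs) != 1:
        return ["expected exactly one signature as a direct child of the root"]
    sig, root_id = sigs[0], root.get("ID")
    ref = sig.find(f"{DS}SignedInfo/{DS}Reference")
    wanted = {"", "#" + root_id} if root_id else {""}
    if ref is None or ref.get("URI") not in wanted:
        problems.append("signature does not cover the document root")
    digest = sig.find(f"{DS}SignedInfo/{DS}Reference/{DS}DigestMethod")
    method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
    if digest is None or digest.get("Algorithm") != SHA256_DIGEST:
        problems.append("digest algorithm is not SHA-256")
    if method is None or not method.get("Algorithm", "").endswith("-sha256"):
        problems.append("signature algorithm is not SHA-256 based")
    cert = sig.find(f"{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate")
    if cert is not None and fingerprint(cert.text or "") != pinned_fp:
        problems.append("embedded certificate is not the pinned signing certificate")
    until = root.get("validUntil")
    if until is None or datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
        problems.append("validUntil is missing or in the past")
    return problems
```

An empty result means only that the document passes these checks; the signature value itself must still be verified against the pinned certificate.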
Retrieving Preview metadata
The "preview" MDQ Service environment allows you to validate your service against upcoming changes to the MDQ Service.
- Locating the preview metadata
- Configure Shibboleth IdP for Preview MDQ environment
- Prefetch an entity with Shibboleth in the Preview MDQ environment
- Configure other software
- Metadata signing key for the Preview environment