Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space federationedit and version 2.9

Jump to: 

Table of Contents
maxLevel1
exclude(On this page)|(In this section)|(Related content)|(Get help)
typeflat
separatorpipe

Query instead of "download" 

The new InCommon Metadata Distribution Service is based on the Metadata Query (MDQ) protocol. It eliminates the need for a metadata consumer to download the entire metadata aggregate. It significantly reduces system resource overhead and reduces start up time.

There is no more need to download the entire metadata aggregate. 

To retrieve metadata using the MDQ-based Metadata Service, visit the new InCommon Metadata Service Wiki.

Simulating the legacy style metadata aggregate

Simulating the legacy aggregate

See Retrieving metadata aggregate with MDQ.

If you previously (before 2020) downloaded the InCommon metadata aggregate and cannot switch over to querying individual entities using the MDQ protocol, the new Metadata Service provides an aggregate endpoint to simulate the legacy InCommon metadata aggregate. The aggregate endpoint is:

Code Block
languagexml
themeConfluence
https://mdq.incommon.org/entities

IMPORTANT: the new InCommon Metadata Service has a different signing key from the legacy service. If you had configured your service with the legacy key, make sure to update the metadata signing key. See obtain an authentic copy of the InCommon metadata signing certificate.

Retrieving the IdP-only aggregate

See Retrieving metadata aggregate with MDQ.

InCommon produces an metadata aggregate containing only IdP entities. It enable discovery services to retrieve/cache list of identity providers for display purpose. 

The InCommon IdP-only aggregate endpoint is : 

Code Block
languagexml
themeConfluence
https://mdq.incommon.org/entities/idps/all

About the Export-only aggregate

InCommon produces an export-only aggregate to support inter-federation through the eduGAIN global R&E inter-federation. To learn more, see the Export-only metadata aggregate topic.

About the "Fallback" aggregate

See Using the fallback aggregate.

Verifying the metadata signature

To ensure you are retrieving the properly vetted metadata fro mInCommon, make you should always verify the signature on metadata according to the instructions. Do not depend solely on HTTPS encryption for the security of your metadata downloads. To learn more, see consume-metadata-best-practice

The InCommon metadata signed using the same metadata signing key and the SHA-256 digest algorithm. To verify the signature on an aggregate, a consumer must obtain an authentic copy of the InCommon metadata signing certificate.

Retrieving Preview metadata

The "preview" MDQ Service environment allows you to validate your service against upcoming changes to the MDQ Service. 

See:






In this section

Children Display
depth1
pageDownload InCommon metadata

Related content

Content by Label
showLabelsfalse
max10
showSpacefalse
cqllabel in ("metadata","edugain","mdq","metadata-aggregate") and space = currentSpace()


Get help

Can't find what you are looking for?

Button Hyperlink
iconhelp
titleAsk the community
typeprimary
urlask-the-community