...

  1. If the metadata file does not have a validUntil attribute on the root element.
  2. If the validUntil attribute on the root element is expired.
  3. If a validUntil attribute on a child element is expired.

A metadata reload process should check each of the above conditions before accepting the metadata.

Warning: Beware!

Verifying the signature on a SAML metadata file does not verify the expiration date. The only way to do that is to parse the XML.

Software Configuration

If you plan on using the Shibboleth software for the purposes of federation, you can in fact also use Shibboleth to download and verify the signed metadata without having to rely on any other tools. Regardless of your implementation, however, you can always set up a cron job to refresh your metadata, but in that case you will also need a tool to verify the XML signature at the time of refresh.

...