Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

InCommon expects participants to refresh metadata daily to ensure that SAML endpoints have access to the most up-to-date keys and other registered information. Some software implementations (such as Shibboleth) handle metadata with easeeasily, but regardless of your software, please read this entire page to understand the requirements and pitfalls associated with metadata consumption.

...

In addition, if you don't refresh your metadata regularly, it is likely that a software implementation will fail at some point since the XML document carries an expiration date (validUntil) that causes the metadata to expire in three two weeks. InCommon strongly recommends that you do not rely on the actual length of this validity interval in any way, and in fact, we reserve the right to shorten the validity interval with little or no notice.

Info

The validity window on InCommon metadata will be shortened from three weeks to two weeks beginning on January 9, 2012.

Signature Verification

Federation metadata is signed for integrity and authenticity. Participants are strongly encouraged to verify the XML signature on the metadata file before use; failure to do so will seriously compromise the security of your SAML deployment.

...