Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If you plan on using the Shibboleth software for the federation purposes of federation, you can in fact also use Shibboleth to download and verify the signed metadata without having to rely on any other tools. Instructions how to configure Shibboleth for metadata consumption are provided elsewhere in this wiki.

Other SAML implementations besides Shibboleth have built-in metadata support. For example, we know that simpleSAMLphp will consume InCommon Federation metadata. If you know of other implementations that support SAML metadata, please let us know so we can document them here.

Regardless of your software implementation, however, you can always set up a cron job to refresh your metadata, but in that case you will need additional tools to verify the XML signature at the time of refresh and check the validUntil attribute as noted above. Participants are encouraged to share such tools and scripts for the benefit of the community. In conjunction with the refresh process, your software implementation needs to be configured to consume InCommon metadata. Exactly how this is done depends on your implementation of course. Instructions how to configure Shibboleth for metadata consumption are provided For instance, third-party tools that make InCommon metadata usable with Microsoft AD FS are documented elsewhere in this wiki. Also, see the resources linked below for related information.

For More Information