...

In addition, if you don't refresh your metadata regularly, it is likely that a software implementation will fail at some point since the XML document carries an expiration date (validUntil) that causes the metadata to expire in approximately two weeks. InCommon strongly recommends that you do not rely on the actual length of this validity interval in any way, and in fact, we reserve the right to shorten the validity interval with little or no notice.

Metadata Refresh Process

Here are the steps to deploy a secure, automated metadata refresh process:

  1. Choose the right metadata aggregate for your particular deployment (one of three Metadata Aggregates)
  2. Download an authentic copy of the Metadata Signing Certificate
  3. Deploy and configure an automated metadata refresh process:
    1. Install and configure your Metadata Client Software
    2. Validate the expiration date on downloaded metadata
    3. Verify the XML signature on downloaded metadata
  4. Adjust your outbound firewall rules (if necessary)
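
One way to implement the expiration check in step 3.2, as an added example that is not InCommon's code or part of any metadata client. It assumes the aggregate's root element is a SAML `EntitiesDescriptor` carrying `validUntil`; the 30-day `max_validity` ceiling, the function names and the sample document are assumptions made for illustration. Run it only alongside the signature check in step 3.3, since `validUntil` on an unverified file proves nothing.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ROOTS = {"{%s}EntitiesDescriptor" % MD_NS, "{%s}EntityDescriptor" % MD_NS}

# Constructed sample root element, not real federation metadata.
SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%s" '
          'validUntil="2030-01-15T12:00:00Z"/>' % MD_NS)

class MetadataRejected(Exception):
    """Raised when downloaded metadata must not be put into service."""

def parse_valid_until(value):
    """Convert an xs:dateTime such as 2030-01-15T12:00:00Z to aware UTC."""
    text = value.strip()
    if text.endswith("Z"):
        text = text[:-1] + "+00:00"
    parsed = datetime.fromisoformat(text)
    if parsed.tzinfo is None:  # no zone given: treat as UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)

def check_expiration(xml_text, now=None, max_validity=timedelta(days=30)):
    """Return validUntil (UTC) or raise MetadataRejected.

    max_validity is an assumed, generous ceiling that rejects a validUntil
    set implausibly far ahead; it does not depend on the federation's
    actual validity interval, which may be shortened.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag not in ROOTS:
        raise MetadataRejected("unexpected root element: %s" % root.tag)
    raw = root.get("validUntil")
    if raw is None:  # fail closed: unbounded metadata never expires
        raise MetadataRejected("validUntil attribute is missing")
    try:
        valid_until = parse_valid_until(raw)
    except ValueError:
        raise MetadataRejected("validUntil is not a dateTime: %r" % raw)
    if valid_until <= now:
        raise MetadataRejected("expired at %s" % valid_until.isoformat())
    if valid_until - now > max_validity:
        raise MetadataRejected("validUntil is implausibly far in the future")
    return valid_until

if __name__ == "__main__":
    print(check_expiration(SAMPLE, now=datetime(2030, 1, 1, tzinfo=timezone.utc)))
```

On rejection, keep serving the last good copy and alert, so that a failed refresh is noticed before that copy itself expires.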

...

Depending on your environment, you may have to poke a hole in an outbound firewall to allow your metadata client to reach the metadata server. In that case, you will actually want to poke two holes in that firewall since there are two physical servers as described on the Metadata Server wiki page.

...