After several months of communication with participants, InCommon Operations removed the legacy metadata download endpoint (currently, a redirect) on Wednesday, February 14, 2018
All metadata clients that attempt to download metadata from this endpoint should have switched to one of the production endpoints noted in: Metadata Aggregates before that date. Failure to update to the production metadata locations has likely caused your SAML deployment to break on February 27, 2018 at approximately 2:44 p.m. US Eastern Time.
For many years, InCommon has supported a redirect from a very old metadata download location:
http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
And
https://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
To the current production (“main”) aggregate location:
http://md.incommon.org/InCommon/InCommon-metadata.xml
On February 14, 2018, InCommon Operations REMOVED this redirect.
It is CRITICAL that all production metadata clients be configured to fetch metadata from http://md.incommon.org/InCommon/InCommon-metadata.xml or one of the other three locations on md.incommon.org.
If you currently fetch metadata from one of the old (wayf.incommonfederation.org) locations noted above, you need to reconfigure your deployment. Failure to do so means that your IdP and/or SPs broke on February 27, 2018.
At the bottom of this page, you will find a list of hosts, updated weekly, that are still downloading metadata from the old location. If you see a host on the list that is at your organization, please contact the relevant systems personnel to arrange to switch metadata consumption to one of the supported aggregates.
Please pass along this information to anyone in your organization who is responsible for running an IdP or SP in InCommon, especially those such as delegated administrators or other systems administrators who may not be subscribed to this mailing list.
| Domains with hosts still attempting to use legacy metadata endpoint | |
|---|---|
| 1 | acm.org |
| 2 | amazonaws.com |
| 3 | atomiclearning.com |
| 4 | berkeley.edu |
| 5 | blackboard.com |
| 6 | brainerd.net |
| 7 | cengage.com |
| 8 | cloudtricity.com |
| 9 | cmu.edu |
| 10 | code42.com |
| 11 | duke.edu |
| 12 | eth0-0-fw3-1-ap-r137-3-va3.mhint |
| 13 | everestdc.com |
| 14 | expedient.com |
| 15 | fisc.com |
| 16 | fischerinternational.com |
| 17 | gatech.edu |
| 18 | googleusercontent.com |
| 19 | illinois.edu |
| 20 | imleagues.com |
| 21 | in-addr.arpa |
| 22 | internet2.edu |
| 23 | iu.edu |
| 24 | jhsph.edu |
| 25 | jhu.edu |
| 26 | kennisnet.org |
| 27 | mbl.edu |
| 28 | mtu.edu |
| 29 | osumc.edu |
| 30 | refworks.com |
| 31 | rfsuny.org |
| 32 | serialssolutions.com |
| 33 | siteprotect.com |
| 34 | surf.nl |
| 35 | surfnet.nl |
| 36 | t2hosted.com |
| 37 | thomsonreuters.com |
| 38 | trln.org |
| 39 | trondent.com |
| 40 | ts24.com |
| 41 | uark.edu |
| 42 | ucmerced.edu |
| 43 | ucsf.edu |
| 44 | ucsfmedicalcenter.org |
| 45 | uic.edu |
| 46 | uninett.no |
| 47 | unl.edu |
| 48 | utsystem.edu |
| 49 | uw.edu |
| 50 | vizientinc.com |
| 51 | webair.com |
| 52 | whoi.net |
| 53 | wm.edu |
| 54 | wpi.edu |
The information below was last updated on Monday, March 26, 2018.
IMPORTANT: The table on the left is a list of root DNS zones with hosts still attempting to access the legacy metadata location. The table on the right is a list of actual hosts still attempting to access the legacy metadata.
REMINDER: When you make a configuration change to target one of the current production metadata aggregate locations, you may need to restart your SAML SP software (shibd/etc) to cause it to re-read the configuration.