The new InCommon Metadata Distribution Service is based on the Metadata Query (MDQ) protocol. It eliminates the need for a metadata consumer to download the entire metadata aggregate, which significantly reduces system resource overhead and startup time.
There is no longer any need to download the entire metadata aggregate.
To retrieve metadata using the MDQ-based Metadata Service, visit the new InCommon Metadata Service Wiki.
If you previously (before 2020) downloaded the InCommon metadata aggregate and cannot switch over to querying individual entities using the MDQ protocol, the new Metadata Service provides an aggregate endpoint to simulate the legacy InCommon metadata aggregate. The aggregate endpoint is:
IMPORTANT: The new InCommon Metadata Service has a different signing key from the legacy service. If you had configured your service with the legacy key, make sure to update the metadata signing key. See "Obtain an authentic copy of the InCommon metadata signing certificate."
InCommon produces a metadata aggregate containing only IdP entities. It enables discovery services to retrieve and cache a list of identity providers for display purposes.
The InCommon IdP-only aggregate endpoint is:
To ensure you are retrieving the properly vetted metadata from InCommon, you should always verify the signature on metadata according to the instructions. Do not depend solely on HTTPS encryption for the security of your metadata downloads. To learn more, see consume-metadata-best-practice.
InCommon metadata is signed using the same metadata signing key and the SHA-256 digest algorithm. To verify the signature on an aggregate, a consumer must obtain an authentic copy of the InCommon metadata signing certificate.
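The following is an added example, not InCommon's own code. It sketches policy checks a consumer can run before cryptographic verification: the signature must cover the document root, the digest must be SHA-256, and any embedded certificate must match the pinned signing certificate's SHA-256 fingerprint. The function names, the sample document and the placeholder certificate bytes are assumptions made for illustration. The signature value itself must still be verified with an XML signature implementation that uses the pinned certificate.

```python
import base64
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"

def cert_fingerprint(pem_or_b64: str) -> str:
    """Hex SHA-256 of the DER bytes of a certificate given as PEM or bare base64."""
    body = re.sub(r"-----[A-Z ]+-----|\s", "", pem_or_b64)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def preflight(metadata: bytes, pinned_fp: str) -> list:
    """Return policy violations found before cryptographic verification."""
    root = ET.fromstring(metadata)
    sig = root.find(DS + "Signature")
    if sig is None:
        return ["root element carries no ds:Signature"]
    problems = []
    pinned = pinned_fp.replace(":", "").lower()
    refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
    covered = {"", "#" + root.get("ID")} if root.get("ID") else {""}
    # Exactly one reference, and it must cover the root element the consumer parses.
    if len(refs) != 1 or refs[0].get("URI") not in covered:
        problems.append("signature does not cover the document root")
    for ref in refs:
        digest = ref.find(DS + "DigestMethod")
        if digest is None or digest.get("Algorithm") != SHA256_DIGEST:
            problems.append("digest algorithm is not SHA-256")
    # KeyInfo is untrusted input: a match proves nothing, but a mismatch shows the
    # document was signed with a different key (for example the legacy one).
    for cert in sig.iter(DS + "X509Certificate"):
        if not hmac.compare_digest(cert_fingerprint(cert.text or ""), pinned):
            problems.append("embedded certificate differs from the pinned certificate")
    return problems

# Constructed sample: placeholder bytes stand in for the certificate DER, and the
# signature value is omitted because this check never evaluates it.
FAKE_CERT = base64.b64encode(b"constructed placeholder, not a certificate").decode()
SAMPLE = f"""<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed1">
 <ds:Signature><ds:SignedInfo><ds:Reference URI="#_constructed1">
   <ds:DigestMethod Algorithm="{SHA256_DIGEST}"/></ds:Reference></ds:SignedInfo>
  <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_CERT}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
</EntitiesDescriptor>""".encode()
```

In practice the pinned fingerprint comes from the authentic copy of the signing certificate obtained out of band, and an empty result means the document may proceed to full signature verification.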
The "preview" MDQ Service environment allows you to validate your service against upcoming changes to the MDQ Service.