Metadata sources in the SAML MCM are individual metadata artifacts, each describing a single entity. There are two ways to access the metadata files.

1. The file can be retrieved from the MDQ endpoint.

http(s)://<saml_mcm_host>/entities/<entity_ID>

Shibboleth IdP Configuration

In conf/metadata-providers.xml

<MetadataProvider id="SAML_MCM_MDQ" xsi:type="DynamicHTTPMetadataProvider" supportedContentTypes="application/xml">
    <!-- The MetadataQueryProtocol element specifies the base URL for the query protocol -->
    <MetadataQueryProtocol>http(s)://<saml_mcm_host>/</MetadataQueryProtocol>
</MetadataProvider>


2. The metadata files can be periodically written to disk.

application.yml
shibui:
  metadata-dir: /opt/shibboleth-idp/metadata/dynamic
application.properties
shibui.metadata-dir = /opt/shibboleth-idp/metadata/dynamic


By default the files are written every 30 seconds. You can change the interval between writes, in milliseconds, with the taskRunRate property:

application.yml
shibui:
  taskRunRate: 3000
application.properties
shibui.taskRunRate = 3000

Shibboleth IdP Configuration

The SAML MCM names the individual metadata files using the file-naming convention expected by the Shibboleth IdP's LocalDynamicMetadataProvider.

You can then configure conf/metadata-providers.xml to look for the files or use the SAML MCM's metadata-providers.xml configuration.

metadata-providers.xml
<MetadataProvider id="localDynamicMetadata" xsi:type="LocalDynamicMetadataProvider"
    sourceDirectory="/opt/shibboleth-idp/metadata/dynamic" />
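The following script is an added example, not code from the SAML MCM or the Shibboleth project, covering both access methods above. It builds the per-entity MDQ request URL (percent-encoding the entityID, which MDQ requires because entityIDs contain ':' and '/'), computes the file name that the LocalDynamicMetadataProvider looks for, and audits a metadata directory for files whose name does not match the entityID they contain (such a file is silently never resolved by the IdP, so a stale or hand-renamed file is worth flagging). It assumes the provider's default key generator, which names each file with the lowercase hex SHA-1 digest of the entityID plus ".xml"; the host names, entityIDs and the sample directory are constructed placeholders.

```python
"""Checks for the two SAML MCM metadata access paths (added example, not project code)."""
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional
from urllib.parse import quote

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"


def mdq_url(base_url: str, entity_id: str) -> str:
    """Per-entity MDQ request URL: <base>/entities/<percent-encoded entityID>.

    safe="" forces ':' and '/' inside the entityID to be escaped so the whole
    entityID travels as one path segment, as the MDQ protocol expects.
    """
    return base_url.rstrip("/") + "/entities/" + quote(entity_id, safe="")


def local_dynamic_file_name(entity_id: str) -> str:
    """File name LocalDynamicMetadataProvider expects for an entityID.

    Assumption: the provider's default key generator (lowercase hex SHA-1 of
    the entityID, with a .xml extension).
    """
    return hashlib.sha1(entity_id.encode("utf-8")).hexdigest() + ".xml"


def read_entity_id(path: str) -> Optional[str]:
    """Return the entityID of a file holding a single EntityDescriptor, else None."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return None
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return None
    return root.get("entityID")


def audit_metadata_dir(directory: str) -> Dict[str, List[str]]:
    """Classify each .xml file in the dynamic metadata directory.

    'ok'          - file name matches the hash of the entityID inside it
    'mismatch'    - valid EntityDescriptor, but the IdP would never find it
    'unparseable' - not well-formed, or not a single EntityDescriptor
    """
    result: Dict[str, List[str]] = {"ok": [], "mismatch": [], "unparseable": []}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".xml"):
            continue
        entity_id = read_entity_id(os.path.join(directory, name))
        if entity_id is None:
            result["unparseable"].append(name)
        elif local_dynamic_file_name(entity_id) == name:
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    return result


def entity_descriptor(entity_id: str) -> str:
    """Minimal constructed SP metadata document for the sample directory."""
    return (
        f'<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="{entity_id}">'
        '<md:SPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol"/>'
        "</md:EntityDescriptor>"
    )


def build_sample_dir() -> str:
    """Write a constructed sample directory (placeholder entityIDs) and return its path."""
    directory = tempfile.mkdtemp(prefix="mcm-dynamic-")
    good = "https://sp.example.org/shibboleth"  # placeholder entityID
    samples = {
        local_dynamic_file_name(good): entity_descriptor(good),  # correctly named
        "renamed-by-hand.xml": entity_descriptor("https://other.example.org/sp"),
        "not-metadata.xml": "<broken",  # truncated write, not well-formed
    }
    for name, body in samples.items():
        with open(os.path.join(directory, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return directory


if __name__ == "__main__":
    print(mdq_url("https://mcm.example.org", "https://sp.example.org/shibboleth"))
    print(audit_metadata_dir(build_sample_dir()))
```

Run it against the real sourceDirectory from metadata-providers.xml instead of the sample directory to list files the IdP cannot resolve; anything under 'mismatch' or 'unparseable' after a write cycle points at a naming or write problem on the MCM side.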