Updating Generated IdP metadata?

Cantor, Scott cantor.2 at osu.edu
Fri Jan 6 20:37:52 GMT 2012


On 1/6/12 3:17 PM, "David Gersic" <dgersic at niu.edu> wrote:
>
>which I believe I need to do, but this document doesn't say how to do so.
>How, exactly, does one go about updating the generated IdP metadata?

The metadata consumed by the IdP about itself from that local file isn't
significant outside of a few edge cases; what generally matters is what
you provide externally. The file on disk happens to be used to serve the
file via a URL, but as with the SP generator, that's not meant as part of
a production trust exchange.

There is no abstraction in Shibboleth with metadata. You have to deal with
it directly, consuming and producing it. The specifics depend on your
trust model and federated arrangements. If you're looking for some kind of
aid, there isn't one. It's XML, and the metadata is standard SAML metadata
as profiled by the various specifications we document on our technical
specs page.

As a general matter, you don't just edit some file somewhere. There has to
be a metadata exchange. How that happens is very deployment specific. If
(being a .edu) you're using InCommon, then the web interface it offers is
how metadata gets modified.

For internal campus use, there are a variety of approaches depending on
requirements/goals.

-- Scott
