entity id in browser result in metadata

Qian, Yi yqian at ku.edu
Thu Apr 3 16:37:50 EDT 2014


Then why does https://shibidp.ku.edu/idp/shibboleth also give me the metadata? Should Shib prevent this URL from producing the metadata?

From: Michael A Grady <mgrady at unicon.net>
Reply-To: Shib Users <users at shibboleth.net>
Date: Thursday, April 3, 2014 3:27 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: entity id in browser result in metadata

No, the entityID is just a "lookup key" to find the right metadata amongst all the metadata you have. The IdP's metadata endpoint (which you really shouldn't be using for dynamic access to metadata) is exactly what you listed:

  https://hostname/idp/profile/Metadata/SAML

where "hostname" is the IdP's host/service name:

    https://shibidp.ku.edu/idp/profile/Metadata/SAML

I just tried it, and got the metadata. But note that metadata gets generated when you install the IdP, and not necessarily updated with changes. So you're better off getting your published metadata from the InCommon feed.

On Apr 3, 2014, at 3:15 PM, Qian, Yi wrote:

So https://hostname/idp/shibboleth will result in metadata?

From: Paul Hethmon <paul.hethmon at clareitysecurity.com>
Reply-To: Shib Users <users at shibboleth.net>
Date: Thursday, April 3, 2014 3:08 PM
To: Shibboleth Users <users at shibboleth.net>
Subject: Re: entity id in browser result in metadata


On Apr 3, 2014, at 3:54 PM, Qian, Yi <yqian at ku.edu> wrote:

Hello,

OK, I can't find it, but according to the Shib document I printed out, to get IdP metadata I need to use https://hostname/idp/profile/Metadata/SAML. But I just realized that if I enter my IdP entity ID in a browser, it will spit out our IdP metadata. If my memory is still working, I remember that before I upgraded to 2.4, when I entered the entity ID in a browser I would get a 404. Could somebody explain: is it because of the upgrade? Because my memory is wrong? Because my configuration is flawed?

The entityID is not a URL. The default value used by Shib during installation looks very similar to one just to ensure uniqueness of the ID.

Paul


Paul Hethmon
Chief Software Architect
paul.hethmon at clareitysecurity.com




--
Michael A. Grady
Senior IAM Consultant, Unicon, Inc.
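
Added example (not part of the original thread, and not Shibboleth's own code): a sketch of the "lookup key" behaviour described above, where a relying party finds an IdP's endpoints by exact string match on the entityID inside metadata it already holds. The aggregate is constructed, the example.edu/example.org entities are hypothetical, and the code assumes the aggregate's signature was verified before parsing.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample aggregate (hypothetical entities, not real federation data).
# Note the first entityID's host differs from its endpoint host, and the second
# entityID is a URN that cannot be opened in a browser at all.
AGGREGATE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://login.example.edu/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="urn:mace:example.org:idp:other">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sso.example.org/idp/profile/SAML2/POST/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def index_by_entity_id(aggregate_xml):
    """Map entityID -> EntityDescriptor element; reject missing or duplicate keys."""
    index = {}
    for ed in ET.fromstring(aggregate_xml).iter(f"{{{MD}}}EntityDescriptor"):
        entity_id = ed.get("entityID")
        if not entity_id:
            raise ValueError("EntityDescriptor without entityID")
        if entity_id in index:
            raise ValueError(f"duplicate entityID: {entity_id}")
        index[entity_id] = ed
    return index


def sso_locations(index, entity_id):
    """Resolve SSO endpoints by exact string match on the key.

    The entityID is never fetched or interpreted as a URL; endpoints come
    only from the metadata entry it selects. Returns None if not found.
    """
    ed = index.get(entity_id)
    if ed is None:
        return None
    return {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
            for s in ed.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS)}
```
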
