IdP Metadata

Ian Young ian at
Wed Apr 17 09:16:01 EDT 2019

> On 17 Apr 2019, at 06:05, Richard Levenberg <richardl at> wrote:
> What is the suggested mechanism by which IdP metadata is signed

Signing metadata is most often seen in the context of a third-party trust broker such as a federation like the UK federation or InCommon. There's not much reason to sign metadata yourself outside that kind of context: for example, if you're supplying metadata to a bilateral partner then you can just send them a file.

> dynamically reflect the IdP's configuration?

In the case where you're working with a federation to publish your metadata to other federation members, that varies a lot and depends on the specific federation's registration processes and tools. It might be a question of exchanging mail with the federation operator, or it might involve some sort of web application you log into.

If you are not working with a federation, you probably just edit the file to include the changes you want. The IdP has no automation for this.

Hope this helps,

    -- Ian
