provide SP metadata download URL to my IDP

Jason Howe jhowe at cs.washington.edu
Mon Apr 6 14:13:33 EDT 2020


On 4/6/20 10:24 AM, Marcus Schopen wrote:
> Hi Jason,
>
> On Monday, 06.04.2020, at 09:53 -0700, Jason Howe wrote:
>> My process:
>>
>> 1) I download the autogenerated metadata file and save it off to the
>> side.
>> 2) I turn off the metadata generator.
>> 3) I set an alias for /shibboleth to serve up
>> /www/htdocs/shibboleth/metadata.xml (or wherever you want)
>> 4) I edit the saved metadata to suit and put it in the file system
>> location referenced in #3.
>>
>> When I need to add a new ACS Binding, I just edit the metadata file on
>> disk, our IDP comes around about 1/hr to re-read all the sp metadata
>> files.
> Thanks for your time.
>
> If I understand you correctly, the idea is to deliver a static metadata
> xml file, which I have adapted myself, from the local webserver's
> filesystem via a URL like
>
>    https://mysp.domain.com/_saml/metadata/mysp.xml
>
> Does the file need a special mime type? My webserver provides it as
> plain text and Firefox doesn't format it as an XML file.
>
> And a last stupid question: how do I turn off the metadata generator?
> Just something like this:
>
> <!--
> <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
> -->
>
> Cheers!
> Marcus
>
Hi Marcus,

1) Correct.
2) I don't believe I'm setting an explicit xml mime type on my servers.
3) Also correct -- I believe the documentation tells us it's more secure 
to keep that off.

Best,
Jason
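
A pre-publish check for the hand-edited static metadata file described in the thread above, as an added example that is not part of the original messages: it confirms the file is still well-formed and flags the mistakes that most often slip in when an ACS endpoint is added by hand. The sample document, its entityID and the function name `check_sp_metadata` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: hand-edited SP metadata where the newly added ACS
# reuses index 1 and points at a plain-http Location.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://mysp.domain.com/shibboleth">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mysp.domain.com/Shibboleth.sso/SAML2/POST"/>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="http://mysp.domain.com/Shibboleth.sso/SAML2/Artifact"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def check_sp_metadata(xml_text):
    """Return a list of problems found in a hand-edited SP metadata document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != MD + "EntityDescriptor":
        problems.append("root element is not md:EntityDescriptor")
    if not root.get("entityID"):
        problems.append("missing entityID")
    endpoints = list(root.iter(MD + "AssertionConsumerService"))
    if not endpoints:
        problems.append("no AssertionConsumerService endpoints")
    seen = set()
    for acs in endpoints:
        index, loc = acs.get("index"), acs.get("Location", "")
        if index is None or not index.isdigit():
            problems.append(f"ACS {loc!r}: missing or non-numeric index")
        elif index in seen:
            problems.append(f"ACS {loc!r}: duplicate index {index}")
        seen.add(index)
        if not acs.get("Binding"):
            problems.append(f"ACS {loc!r}: missing Binding")
        if not loc.startswith("https://"):
            problems.append(f"ACS {loc!r}: Location is not https")
    return problems

if __name__ == "__main__":
    for problem in check_sp_metadata(SAMPLE):
        print(problem)
```

Running it against the file on disk after each edit catches a broken document before the IdP's next periodic re-read picks it up.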


