Translate meta data to SSO tag

Peter Schober peter.schober at
Thu Dec 3 21:59:19 UTC 2020

* Nate Klingenstein <ndk at> [2020-12-03 19:01]:
> You just need to load the metadata for their identity
> provider. [...]
> their metadata is available at
>, so you can just load it
> directly by adding to shibboleth2.xml next to the other
> MetadataProvider elements: [...]
> Eventually you'll want to rely on InCommon or another authority and
> signed metadata.

Defintively the latter. Getting signed metadata from InCommon's MDQ
shouldn't be any harder than getting it from the IDP's entityID URL
value directly in a completely insecure fashion.

1. Get the certificate to validate signatures:
2. Get the config snippet for your Shib SP:
3. Success.


More information about the users mailing list