InCommon MDQ
Peter Schober
peter.schober at univie.ac.at
Mon Jul 6 20:35:26 UTC 2020
* Lohr, Donald - lohrda <lohrda at jmu.edu> [2020-07-06 19:05]:
> 1) Right/wrong/indifferent (likely wrong) our practice seems to have
> always been when adding a new non-InCommom member's metadata is to
> drop in the default /metadata folder and to edit the
> /conf/metadata-providers.xml file
> and add either configuration:
And I think this was always communicated as the wrong approach, even
though the software allows for it. Mainly because it doesn't scale
well and reloading the whole metadata provider configuration is a more
heavy-weight operation than reloading individual metadata providers
(as in: one metadata provider with all your non-InC SPs in it) or even
never reloading anything at all (as in: using localDynamic).
> Somewhere I read, that the InCommon definition should come before or
> or after everything else, but am not able to locate that again.
https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration#MetadataConfiguration-SearchOrderingSearchOrdering
Found via IDPv3 home -> Configuration -> Metadata -> "Search Ordering".
> In a metadata-providers.xml file like I am describing, what kind of
> order listing should be used to list federations and specific SPs?
Depends on the desired effect and how much you trust your own metadata
curation skills, I suppose.
E.g. I put the MetadataProvider with locally managed SPs before the
federation metadata, because I want to be able to potentially override
what's in the federation metadata (for debugging purposes) and by
removing my local copy the federation-managed copy takes over.
-peter
More information about the users
mailing list