InCommon MDQ
Donald Lohr
lohrda at jmu.edu
Wed Jul 8 15:25:10 UTC 2020
Thanks.
For now I'm going to start with cleaning up the /metadata folder and the
/conf/metadata-providers.xml file removing the old stuff.
This clean-up will get me down to the valid SP's that are not InCommon
members (or are now InCommon members).
I am also standardizing the SP metadata file names. I am also
standardizing each FilesystemMetadataProvider &
FileBackedHTTPMetadataProvider component (per SP) defined in the
/conf/metadata-providers.xml file.
I will also position each SP in the /conf/metadata-providers.xml file
before the InCommon FileBackedHTTPMetadataProvider definition following
Peter's practice.
This may be seen not as a worthwhile exercise, but I do have one
question. The top of the /conf/metadata-providers.xml file starts with:
<MetadataProvider id="ShibbolethMetadata"
xsi:type="ChainingMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
Some of the SP's metadata defined in this file as a
FilesystemMetadataProvider also contain the
xmlns="urn:mace:shibboleth:2.0:metadata" line and some do not. The
InCommon metadata definition, which is a FileBackedHTTPMetadataProvider
also contains this line, but none of our other
FileBackedHTTPMetadataProvider defined SPs contain it.
Is the xmlns="urn:mace:shibboleth:2.0:metadata" line required as a
element of each SP's metadata definition in the
/conf/metadata-providers.xml file?
Thanks to all of you for your assistance and everything you all do to
support us Shibboleth younglings.
Don
On 7/6/20 7:38 PM, Cantor, Scott wrote:
> On 7/6/20, 7:18 PM, "users on behalf of Lohr, Donald - lohrda" <users-bounces at shibboleth.net on behalf of lohrda at jmu.edu> wrote:
>
>> Are you referring to: LocalDynamicMetadataProvider
> Yes, that's what he's talking about. The other options are all historical at this point. Filesystem sources are useful when metadata is scripted or provided by some other system. Very rarely there may be use in the old HTTP sourcing option if somebody on campus is maintaining their own metadata feeds.
>
> Otherwise the two dynamic providers are all that matter now. Federations support MDQ and for everything else you dump each SP in a file named for SHA1(entityID) and load it all with LocalDynamic.
>
> e.g. in .bashrc...
>
> dynmd() { echo "/home/shibboleth/idp/metadata/dynamic/`echo -n \"$1\" | sha1sum | awk '{print $1}'`.xml"; }
> vimd() { vi `dynmd $1`; }
>
> $ cp some_example_metadata.xml `dynmd https://urldefense.proofpoint.com/v2/url?u=https-3A__sp.example.org_sp&d=DwICAg&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=Pa2DB88IW_s2TyLfktHtWA&m=EmEcsUPUQ8fWqcRy2botmPtHyfXp9cSBIWjD0wnmFkA&s=0z-wn9Y-ZoOvodowi4q5iyxznhjdcZWIw4qCtftvwww&e= `
> $ vimd https://urldefense.proofpoint.com/v2/url?u=https-3A__sp.example.org_sp&d=DwICAg&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=Pa2DB88IW_s2TyLfktHtWA&m=EmEcsUPUQ8fWqcRy2botmPtHyfXp9cSBIWjD0wnmFkA&s=0z-wn9Y-ZoOvodowi4q5iyxznhjdcZWIw4qCtftvwww&e=
>
> -- Scott
>
>
--
D o n a l d L o h r
I n f o r m a t i o n S y s t e m s
J a m e s M a d i s o n U n i v e r s i t y
5 4 0 . 5 6 8 . 3 7 3 0
More information about the users
mailing list