view idp 3.x idp metadata via a browser

Peter Schober peter.schober at
Tue Mar 10 21:52:09 EDT 2020

* Mathis, Bradley <bmathis at> [2020-03-11 00:42]:
> In idp 2.x   https://myIdp.domain/idp/profile/Metadata/SAML  would show me
> the metadata for my idp.
> What's the equivalent for idp 3.x?

Since the How was sufficiently answered I'll risk asking Why:

Why would you want to load your own metadata -- that's very likely to
be unsigned and either already expired or will never expire or much
too far in the future -- over the network?

I'm geussing you're probably not interested in your own metadata
yourself (as you could find that on disk in metadata/idp-metadata.xml)
but thinking about pointing Service Providers to that URL for trust
(cough!) establishment?  If so that's a clear anti-pattern and
alternatives should be considered (such as those SPs loading your IDP
metadata from the InCommon MDQ service, verifying the signature of
that metadata every time with InCommon's published metadata signing

So if you could add something about the Why I'm sure we can add
something about the Why Not. ;)


More information about the users mailing list