view idp 3.x idp metadata via a browser

Peter Schober peter.schober at univie.ac.at
Tue Mar 10 21:52:09 EDT 2020


* Mathis, Bradley <bmathis at pima.edu> [2020-03-11 00:42]:
> In idp 2.x   https://myIdp.domain/idp/profile/Metadata/SAML  would show me
> the metadata for my idp.
> 
> What's the equivalent for idp 3.x?

Since the How was sufficiently answered I'll risk asking Why:

Why would you want to load your own metadata -- that's very likely to
be unsigned and either already expired or will never expire or much
too far in the future -- over the network?

I'm guessing you're probably not interested in your own metadata
yourself (as you could find that on disk in metadata/idp-metadata.xml)
but thinking about pointing Service Providers to that URL for trust
(cough!) establishment?  If so that's a clear anti-pattern and
alternatives should be considered (such as those SPs loading your IDP
metadata from the InCommon MDQ service, verifying the signature of
that metadata every time with InCommon's published metadata signing
certificate.)

So if you could add something about the Why I'm sure we can add
something about the Why Not. ;)

-peter
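
Added example, not part of the message above and not Shibboleth or InCommon code: a Python check for the three properties the message says self-served IdP metadata usually has (unsigned, already expired, never expiring or valid far too long). The 14-day limit, the entityID and the sample documents are constructed assumptions; the signature is only checked for presence, not verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
MAX_VALIDITY = timedelta(days=14)  # assumed local policy, not from the post
DEMO_NOW = datetime(2020, 3, 10, tzinfo=timezone.utc)  # fixed clock for the demo


def structural_problems(xml_text, now=None):
    """List the trust problems visible on a SAML metadata document's root element.

    Presence of ds:Signature is only checked, not verified: verifying it against
    the federation's signing certificate needs an XML-DSig library (e.g. xmlsec).
    """
    now = now or datetime.now(timezone.utc)
    # ElementTree fetches no external entities; for hostile input prefer defusedxml.
    root = ET.fromstring(xml_text)
    if root.tag not in (f"{{{MD}}}EntityDescriptor", f"{{{MD}}}EntitiesDescriptor"):
        return ["not-saml-metadata"]
    problems = []
    if root.find(f"{{{DS}}}Signature") is None:  # enveloped signature: child of root
        problems.append("unsigned")
    valid_until = root.get("validUntil")
    if valid_until is None:
        return problems + ["never-expires"]
    expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
    if expiry.tzinfo is None:
        expiry = expiry.replace(tzinfo=timezone.utc)  # treat zone-less values as UTC
    if expiry <= now:
        problems.append("expired")
    elif expiry - now > MAX_VALIDITY:
        problems.append("validity-too-long")
    return problems


def sample(attrs="", signed=False):
    """Build a constructed IdP EntityDescriptor (placeholder entityID)."""
    sig = f'<ds:Signature xmlns:ds="{DS}"/>' if signed else ""
    return (f'<md:EntityDescriptor xmlns:md="{MD}" {attrs} '
            f'entityID="https://idp.example.org/idp/shibboleth">{sig}'
            f'<md:IDPSSODescriptor protocolSupportEnumeration='
            f'"urn:oasis:names:tc:SAML:2.0:protocol"/></md:EntityDescriptor>')


if __name__ == "__main__":
    for attrs in ("", 'validUntil="2020-01-01T00:00:00Z"', 'validUntil="2030-01-01T00:00:00Z"'):
        print(attrs or "(no validUntil)", "->", structural_problems(sample(attrs), DEMO_NOW))
```

An empty result only means the document has the right shape; an SP still has to verify the signature before trusting it.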

