view idp 3.x idp metadata via a browser

Mathis, Bradley bmathis at
Wed Mar 11 12:43:21 EDT 2020

Thanks Nate and Kevin for your input

Peter,  thanks for your input also.  I appreciate your recommendation not
to do something I shouldn't ...especially when stated so nicely!  :-)    I
have no specific intention at the moment.  I was just wanting to
reference some information in the metadata and with the idp 2.x I just
popped it up in my browser when needed.   sometimes it's easier to do that
if I don't already have an ssh session open to the box .... displays well
too.   I was frustrated because I know I knew the url previously  ...ugh
wasted 40 mins trying to find it and left late for my commute home.   I
hate ending my day like that.

Thanks Everyone.

Brad Mathis
IT Systems Architect
Infrastructure Services - Applications
Pima Community College
bmathis at

On Tue, Mar 10, 2020 at 6:52 PM Peter Schober <peter.schober at>

> * Mathis, Bradley <bmathis at> [2020-03-11 00:42]:
> > In idp 2.x   https://myIdp.domain/idp/profile/Metadata/SAML  would show
> me
> > the metadata for my idp.
> >
> > What's the equivalent for idp 3.x?
> Since the How was sufficiently answered I'll risk asking Why:
> Why would you want to load your own metadata -- that's very likely to
> be unsigned and either already expired or will never expire or much
> too far in the future -- over the network?
> I'm geussing you're probably not interested in your own metadata
> yourself (as you could find that on disk in metadata/idp-metadata.xml)
> but thinking about pointing Service Providers to that URL for trust
> (cough!) establishment?  If so that's a clear anti-pattern and
> alternatives should be considered (such as those SPs loading your IDP
> metadata from the InCommon MDQ service, verifying the signature of
> that metadata every time with InCommon's published metadata signing
> certificate.)
> So if you could add something about the Why I'm sure we can add
> something about the Why Not. ;)
> -peter
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list