view idp 3.x idp metadata via a browser

Mathis, Bradley bmathis at pima.edu
Wed Mar 11 12:43:21 EDT 2020 

Thanks Nate and Kevin for your input

Peter,  thanks for your input also.  I appreciate your recommendation not
to do something I shouldn't ...especially when stated so nicely!  :-)    I
have no specific intention at the moment.  I was just wanting to
reference some information in the metadata and with the idp 2.x I just
popped it up in my browser when needed.   sometimes it's easier to do that
if I don't already have an ssh session open to the box .... displays well
too.   I was frustrated because I know I knew the url previously  ...ugh
wasted 40 mins trying to find it and left late for my commute home.   I
hate ending my day like that.

Thanks Everyone.

Brad Mathis
IT Systems Architect
Infrastructure Services - Applications
Pima Community College
520.206.4826
bmathis at pima.edu









On Tue, Mar 10, 2020 at 6:52 PM Peter Schober <peter.schober at univie.ac.at>
wrote:

> * Mathis, Bradley <bmathis at pima.edu> [2020-03-11 00:42]:
> > In idp 2.x   https://myIdp.domain/idp/profile/Metadata/SAML  would show
> me
> > the metadata for my idp.
> >
> > What's the equivalent for idp 3.x?
>
> Since the How was sufficiently answered I'll risk asking Why:
>
> Why would you want to load your own metadata -- that's very likely to
> be unsigned and either already expired or will never expire or much
> too far in the future -- over the network?
>
> I'm geussing you're probably not interested in your own metadata
> yourself (as you could find that on disk in metadata/idp-metadata.xml)
> but thinking about pointing Service Providers to that URL for trust
> (cough!) establishment?  If so that's a clear anti-pattern and
> alternatives should be considered (such as those SPs loading your IDP
> metadata from the InCommon MDQ service, verifying the signature of
> that metadata every time with InCommon's published metadata signing
> certificate.)
>
> So if you could add something about the Why I'm sure we can add
> something about the Why Not. ;)
>
> -peter
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200311/ee62b760/attachment.html>

More information about the users mailing list