Best Practices for "Static" Metadata
David Wen Riccardi-Zhu
davidwen.riccardizhu at gooduncle.com
Wed May 6 19:48:41 UTC 2020
Hello,
I am setting up a Service Provider and have a question about Metadata best
practices. Thus far, I have been using the MetadataGeneration Handler at
/Shibboleth.sso/Metadata in my testing.
However, the documentation for that handler states that:
"The purpose of this handler is NOT to supply other systems with production
metadata but rather to assist with testing, and generation of metadata
examples useful in understanding how to produce actual metadata. Mature
deployments will often require metadata content that goes beyond what the
handler can generate, and directly coupling metadata to a configuration
makes certain configuration changes more likely to cause service
disruption."
Source:
https://wiki.shibboleth.net/confluence/display/SP3/Metadata+Generation+Handler
What is considered the best practice when moving to "static"
(not-generated) Metadata? I'm using Shibboleth with Apache. Could I place
my metadata.xml inside /var/www/html/shibboleth/, and share the deployed
link to that location with Identity Providers
(https://my.domain.com/shibboleth/metadata.xml)?
If this is a correct approach, should I set my entityID to reflect the
location of the Metadata, or would it be better to set it to point to, e.g.,
https://my.domain.com/Shibboleth.sso?
Would be very grateful for any insights.
Thank you,
David