References

https://spaces.internet2.edu/display/InCFederation/Metadata+Query+Protocol

https://spaces.internet2.edu/display/perentity/MDQ+Client+Software

https://spaces.internet2.edu/display/InCCollaborate/Metadata+Query+Server

https://wiki.shibboleth.net/confluence/display/XSTJ2/xmlsectool+V2+Home


Caution: Attempting to download metadata from the URL below (step 3) with a browser will not provide usable results, because the MDQ server formats its response according to the MIME type requested by the browser.

Procedure

  1. Obtain the InCommon Metadata Query Protocol signing certificate. Though the MDQ service is currently beta, the data it serves is production.

    curl -OL https://ds.incommon.org/certs/mdq-beta-cert.pem
  2. Verify the certificate's fingerprint against the value published on this page:

    https://ops.incommon.org/mdq_beta_cert.html

    openssl x509 -sha256 -noout -fingerprint -in mdq-beta-cert.pem

  3. Fetch the UC Davis IdP metadata.

    curl --silent --output ucdavis-metadata.xml \
        http://mdq-beta.incommon.org/global/entities/urn%3Amace%3Aincommon%3Aucdavis.edu
  4. Validate the XML signature. Note: other tools can also verify the digital signature on an XML document; xmlsectool is used here.

    xmlsectool --verifySignature --inFile ucdavis-metadata.xml --certificate mdq-beta-cert.pem