References
https://spaces.internet2.edu/display/InCFederation/Metadata+Query+Protocol
https://spaces.internet2.edu/display/perentity/MDQ+Client+Software
https://spaces.internet2.edu/display/InCCollaborate/Metadata+Query+Server
https://wiki.shibboleth.net/confluence/display/XSTJ2/xmlsectool+V2+Home
Caution: Attempting to download metadata from the URL below (step 3) with a browser will not provide usable results. The MDQ server (re)formats the results based on the MIME type sent in the browser's request.
Procedure
1. Obtain the InCommon Metadata Query Protocol signing certificate. Although the MDQ service is currently in beta, the data it serves is production data.

    curl -OL https://ds.incommon.org/certs/mdq-beta-cert.pem

2. Verify the signing certificate's fingerprint against the information on this page: https://ops.incommon.org/mdq_beta_cert.html

    openssl x509 -sha256 -noout -fingerprint -in mdq-beta-cert.pem

3. Fetch the UC Davis IdP metadata.

    curl --silent --output ucdavis-metadata.xml \
        http://mdq-beta.incommon.org/global/entities/urn%3Amace%3Aincommon%3Aucdavis.edu

4. Validate the XML signature. Note: several other ways to verify the digital signature on an XML document exist as well; cf. a Google search.

    xmlsectool --verifySignature --inFile ucdavis-metadata.xml --certificate mdq-beta-cert.pem
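The procedure above can be scripted so that it fails closed. The following is an added example, not part of the original page or of InCommon's tooling: the function names are hypothetical, and the pinned fingerprint is a value you must read from the fingerprint page yourself and pass in. Because the metadata is fetched over plain http, the signature check is the only integrity control, so the output file is written only after xmlsectool succeeds.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the original page.

# Reduce a fingerprint to bare uppercase hex, so the label openssl prints
# ("sha256 Fingerprint=" or "SHA256 Fingerprint=") and the colons do not matter.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if the SHA-256 fingerprint of cert_file equals the pinned value.
# An empty pinned value never matches.
cert_fp_matches() {
    cert_file=$1 pinned_fp=$2
    [ -n "$pinned_fp" ] || return 1
    actual_fp=$(openssl x509 -sha256 -noout -fingerprint -in "$cert_file") || return 2
    [ "$(normalize_fp "$actual_fp")" = "$(normalize_fp "$pinned_fp")" ]
}

# Steps 2 to 4 of the procedure: refuse an unpinned certificate, fetch the
# entity metadata to a temporary file, and publish it to out_file only when
# the XML signature verifies against the pinned certificate.
fetch_and_verify() {
    entity_url=$1 cert_file=$2 pinned_fp=$3 out_file=$4
    cert_fp_matches "$cert_file" "$pinned_fp" || {
        echo "certificate fingerprint mismatch: $cert_file" >&2; return 1; }
    tmp_file=$(mktemp) || return 1
    if curl --silent --fail --output "$tmp_file" "$entity_url" &&
       xmlsectool --verifySignature --inFile "$tmp_file" --certificate "$cert_file"
    then
        mv "$tmp_file" "$out_file"
    else
        rm -f "$tmp_file"
        echo "fetch or signature verification failed: $entity_url" >&2
        return 1
    fi
}

# Usage (PINNED_FP is a placeholder for the fingerprint read from the page in step 2):
#   fetch_and_verify \
#     "http://mdq-beta.incommon.org/global/entities/urn%3Amace%3Aincommon%3Aucdavis.edu" \
#     mdq-beta-cert.pem "$PINNED_FP" ucdavis-metadata.xml
```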