Note: The MDQ beta service was retired May 1, 2019 and is currently replaced by a "preview" (pre-production) MDQ service.
References
https://spaces.at.internet2.edu/display/InCFederationMDQ/MetadataThe+Query+ProtocolGuide
https://spaces.at.internet2.edu/display/perentity/MDQ+Client+SoftwareMDQ/Per-Entity+Metadata+Service+Documentation
https://spaces.at.internet2.edu/display/InCCollaborate/Metadata+Query+Server+Protocol
https://spaces.at.internet2.edu/display/perentity/MDQ+Client+Software
https://wiki.shibboleth.net/confluence/display/XSTJ2/xmlsectool+V2+Home
Caution: The state of MDQ server behavior is in flux, and downloading metadata from the URL below (step 2) with a browser may not provide usable results. The MDQ server (re)formats the results based on the MIME type sent in the browser's request. Check that your results are XML and not HTML.
Procedure
1. Obtain the InCommon Metadata Query Protocol signing certificate and verify the signing key fingerprint. Though the MDQ service is currently beta, the data it serves is production.

    curl -OL https://ds.incommon.org/certs/mdq-beta-cert.pem

   Verify the certificate's signing key fingerprint against the information on this page: https://ops.incommon.org/mdq_beta_cert.html

    openssl x509 -sha256 -noout -fingerprint -in mdq-beta-cert.pem

2. Fetch the UC Davis IdP metadata.

    curl --silent --output ucdavis-metadata.xml \
      http://mdq-preview.incommon.org/global/entities/urn%3Amace%3Aincommon%3Aucdavis.edu

3. Validate the XML signature. Note: several other ways to verify the digital signature on an XML document exist as well, cf. Google search.

    xmlsectool --verifySignature --inFile ucdavis-metadata.xml --certificate mdq-beta-cert.pem
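The percent-encoded request URL from the fetch step and the Caution's XML-versus-HTML check, as an added shell example that is not part of the original page. The base URL http://mdq.example.org/global, the function names and the sample files are constructed assumptions; the grep checks are a heuristic pre-check and do not replace the xmlsectool signature validation.

```shell
# Added example (not from the original page). Sample files are constructed.

# Percent-encode an entityID as one URL path segment: RFC 3986 unreserved
# characters pass through, every other byte becomes %XX. Runs in a subshell
# so LC_ALL=C (byte-wise matching) does not leak into the caller.
mdq_encode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s\n' "$out"
)

# Build <base>/entities/<encoded entityID>; the base URL is caller-supplied.
mdq_url() { printf '%s/entities/%s\n' "${1%/}" "$(mdq_encode "$2")"; }

# Heuristic pre-check before signature validation: prints a verdict and
# returns 0 only for a non-HTML file holding the expected EntityDescriptor.
check_mdq_result() {
  file=$1; want=$2
  [ -s "$file" ] || { echo empty; return 1; }
  if grep -qiE '<!DOCTYPE html|<html' "$file"; then echo html; return 1; fi
  grep -qE '<([A-Za-z0-9]+:)?EntityDescriptor([[:space:]>]|$)' "$file" ||
    { echo not-entity; return 1; }
  grep -qF "entityID=\"$want\"" "$file" || { echo wrong-entity; return 1; }
  echo ok
}

# Write constructed sample responses into directory $1.
make_samples() {
  printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>' \
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"' \
    '    entityID="urn:mace:incommon:ucdavis.edu"/>' > "$1/good.xml"
  printf '%s\n' '<!DOCTYPE html>' \
    '<html><body>Metadata not found</body></html>' > "$1/page.html"
  : > "$1/empty.xml"
}

dir=$(mktemp -d)
make_samples "$dir"
mdq_url 'http://mdq.example.org/global' 'urn:mace:incommon:ucdavis.edu'
for f in good.xml page.html empty.xml; do
  check_mdq_result "$dir/$f" 'urn:mace:incommon:ucdavis.edu' || true
done
rm -rf "$dir"
```

Run check_mdq_result on the downloaded file before xmlsectool, so that an HTML error page or a descriptor for a different entityID is caught with a clear message.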