Note: The MDQ beta service retired May 1, 2019. It is replaced with a "preview" (pre-production) MDQ service.
...
https://spaces.at.internet2.edu/display/MDQ/The+Guide
https://spaces.at.internet2.edu/display/MDQ/Per-EntityMDQ+MetadataSigning+Service+DocumentationKey
https://spaces.at.internet2.edu/display/InCCollaborateMDQ/Per-Entity+Metadata+QueryService+ProtocolDocumentation
https://spaces.at.internet2.edu/display/perentity/MDQ+Client+Software
https://wiki.shibboleth.net/confluence/display/XSTJ2/xmlsectool+V2+Home
Caution: The state of MDQ server behavior is in flux. Downloading metadata from the URL below (step 2) using a browser may not provide usable results; check that the download is XML and not HTML. Also note InCommon's statement that this technology preview signing certificate could change with little notice.
Procedure
1. Save a copy of the InCommon Metadata Query Protocol signing certificate (incommon-mdq.pem) and verify its fingerprint. See https://spaces.at.internet2.edu/display/MDQ/MDQ+Signing+Key

    openssl x509 -sha1 -noout -fingerprint -in incommon-mdq.pem
    SHA1 Fingerprint=CF:A8:7A:57:00:6E:05:09:CD:63:A1:49:1B:4B:F8:46:98:DD:3A:38

2. Fetch the UC Davis IdP metadata.

    curl --silent --output ucdavis-metadata.xml \
        http://mdq-preview.incommon.org/entities/urn%3Amace%3Aincommon%3Aucdavis.edu

3. Validate the XML signature. Note: several other ways to verify the digital signature on an XML document exist as well (cf. Google search).

    xmlsectool --verifySignature --inFile ucdavis-metadata.xml --certificate incommon-mdq.pem
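
The procedure above wrapped in one script, as an added example that is not part of the original page. It pins the fingerprint quoted in step 1, rejects an HTML response (the case the caution describes), and after the signature check confirms that the signed document carries the requested entityID. The function names and the entityID comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): checks wrapped around steps 1-3.
# Pinned value is the SHA-1 fingerprint quoted in step 1 of this page.
PINNED_FP='CF:A8:7A:57:00:6E:05:09:CD:63:A1:49:1B:4B:F8:46:98:DD:3A:38'

# fp_matches OPENSSL_OUTPUT PINNED: compare the hex after '=' case-insensitively,
# so both "SHA1 Fingerprint=" and "sha1 Fingerprint=" labels are accepted.
fp_matches() {
    got=$(printf '%s' "$1" | sed 's/^.*=//' | tr 'a-f' 'A-F')
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# root_element FILE: local name of the first element, skipping the XML
# declaration, comments and DOCTYPE (heuristic; not a full XML parser).
root_element() {
    tr '\n\r\t' '   ' < "$1" |
        sed -e 's/<?[^>]*?>//g' -e 's/<![^>]*>//g' |
        grep -o '<[A-Za-z_][A-Za-z0-9_.:-]*' | head -n 1 |
        sed -e 's/^<//' -e 's/^.*://'
}

# is_saml_metadata FILE: true for a single-entity document, false for an HTML page.
is_saml_metadata() { [ "$(root_element "$1")" = "EntityDescriptor" ]; }

# has_entity_id FILE ENTITY_ID: a valid signature alone does not show that the
# document describes the entity that was requested, so compare the entityID.
has_entity_id() {
    tr '\n\r\t' '   ' < "$1" |
        grep -o '<[A-Za-z_:]*EntityDescriptor[^>]*>' | head -n 1 |
        grep -qF -e "entityID=\"$2\"" -e "entityID='$2'"
}

# verify_mdq_entity CERT_PEM METADATA_XML ENTITY_ID (hypothetical wrapper name)
verify_mdq_entity() {
    fp_out=$(openssl x509 -sha1 -noout -fingerprint -in "$1") || return 1
    fp_matches "$fp_out" "$PINNED_FP" || { echo "fingerprint mismatch: $1" >&2; return 2; }
    is_saml_metadata "$2" || { echo "not SAML metadata XML: $2" >&2; return 3; }
    xmlsectool --verifySignature --inFile "$2" --certificate "$1" || return 4
    has_entity_id "$2" "$3" || { echo "entityID is not $3" >&2; return 5; }
}

# Usage: sh verify-mdq.sh incommon-mdq.pem ucdavis-metadata.xml urn:mace:incommon:ucdavis.edu
if [ "$#" -eq 3 ]; then verify_mdq_entity "$@"; fi
```

Because the technology preview signing certificate could change with little notice, a fingerprint mismatch (exit status 2) means the pinned value has to be re-checked against InCommon's published key page before the script is trusted again.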