
References

https://spaces.internet2.edu/display/InCFederation/Metadata+Query+Protocol

https://spaces.internet2.edu/display/perentity/MDQ+Client+Software

https://spaces.internet2.edu/display/InCCollaborate/Metadata+Query+Server

https://wiki.shibboleth.net/confluence/display/XSTJ2/xmlsectool+V2+Home

Procedure

  1. Obtain the InCommon Metadata Query Protocol signing certificate. Though the MDQ service is currently beta, the data it serves is production.

    curl -OL https://ds.incommon.org/certs/mdq-beta-cert.pem
  2. Verify the signing certificate's fingerprint against the value published on this page:

    https://ops.incommon.org/mdq_beta_cert.html

    /usr/bin/openssl x509 -sha256 -noout -fingerprint -in mdq-beta-cert.pem
    
  3. Fetch our IdP metadata.

    curl --silent --output ucdavis-metadata.xml \
            http://mdq-beta.incommon.org/global/entities/urn%3Amace%3Aincommon%3Aucdavis.edu
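  4. Validate the XML signature against the certificate verified in step 2. The metadata in step 3 is fetched over plain HTTP, so this signature check is what authenticates it. Note: there are several other ways to verify the digital signature on an XML document; a Google search will turn up alternatives.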

    xmlsectool --verifySignature --inFile ucdavis-metadata.xml --certificate mdq-beta-cert.pem
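
The four steps above as one fail-closed script, as an added example that is not part of the original page or InCommon's own tooling: it compares the certificate fingerprint against a value you supply from the fingerprint page, builds the percent-encoded MDQ URL from an entityID, and keeps the metadata only if xmlsectool verifies it. The function names are hypothetical, and the script assumes `openssl`, `curl` and `xmlsectool` are on the PATH and that xmlsectool exits non-zero when verification fails.

```sh
#!/bin/sh
# Added example (not InCommon's own tooling). File names and the MDQ base URL
# come from the steps above; function names are hypothetical.
MDQ_BASE=http://mdq-beta.incommon.org/global
CERT=mdq-beta-cert.pem

# Reduce openssl's "sha256 Fingerprint=AA:BB:..." line, or a value copied
# from the fingerprint page, to bare upper-case hex.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\n' | tr 'a-f' 'A-F'
}

# Succeed only if both values are the same complete SHA-256 (64 hex digits).
fp_matches() {
    want=$(norm_fp "$1"); got=$(norm_fp "$2")
    case $want in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#want}" -eq 64 ] && [ "$want" = "$got" ]
}

# Percent-encode an entityID for use as an MDQ path segment (ASCII assumed).
urlencode() {
    s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

mdq_url() { printf '%s/entities/%s' "$MDQ_BASE" "$(urlencode "$1")"; }

# fetch_verified ENTITY_ID EXPECTED_FP OUTFILE
# EXPECTED_FP must come from the fingerprint page in step 2, not from the cert.
# Assumes xmlsectool exits non-zero when signature verification fails.
fetch_verified() {
    actual=$(openssl x509 -sha256 -noout -fingerprint -in "$CERT") || return 1
    fp_matches "$2" "$actual" || { echo "fingerprint mismatch: $CERT" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if curl --silent --fail --output "$tmp" "$(mdq_url "$1")" &&
       xmlsectool --verifySignature --inFile "$tmp" --certificate "$CERT"
    then mv "$tmp" "$3"
    else rm -f "$tmp"; return 1
    fi
}
```

Source the file and call `fetch_verified 'urn:mace:incommon:ucdavis.edu' "$EXPECTED_FP" ucdavis-metadata.xml`, where `EXPECTED_FP` holds the value copied from the fingerprint page. The output file is only written when both the fingerprint comparison and the signature verification succeed.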