
References

https://spaces.internet2.edu/display/InCFederation/Metadata+Query+Protocol

https://spaces.internet2.edu/display/perentity/MDQ+Client+Software

https://spaces.internet2.edu/display/InCCollaborate/Metadata+Query+Server

https://wiki.shibboleth.net/confluence/display/XSTJ2/xmlsectool+V2+Home


Caution: Do not try to download metadata from the URL in step 3 below with a browser; the result will not be usable. The MDQ server formats its response according to the MIME type sent in the browser's request.

Procedure

  1. Obtain the InCommon Metadata Query Protocol signing certificate. Though the MDQ service is currently beta, the data it serves is production.

    curl -OL https://ds.incommon.org/certs/mdq-beta-cert.pem

  2. Verify the signing certificate's SHA-256 fingerprint against the value published on this page:

    https://ops.incommon.org/mdq_beta_cert.html

    openssl x509 -sha256 -noout -fingerprint -in mdq-beta-cert.pem
    
  3. Fetch the UC Davis IdP metadata.

    curl --silent --output ucdavis-metadata.xml \
            http://mdq-beta.incommon.org/global/entities/urn%3Amace%3Aincommon%3Aucdavis.edu

  4. Validate the XML signature. Note: there are several other ways to verify the digital signature on an XML document; a web search will turn them up.

    xmlsectool --verifySignature --inFile ucdavis-metadata.xml --certificate mdq-beta-cert.pem
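
The four steps above as one script that stops at the first failed check, so metadata that has not passed signature verification never reaches the output file. This is an added example, not part of the original page or InCommon's tooling; the function names, the script name and the `.unverified` suffix are assumptions, and the pinned fingerprint is whatever the caller copied from the page in step 2.

```sh
#!/bin/sh
# Added example (not InCommon's code): steps 1-4 as one fail-closed script.
LC_ALL=C; export LC_ALL   # byte-wise matching in urlencode

CERT_URL=https://ds.incommon.org/certs/mdq-beta-cert.pem   # step 1
MDQ_BASE=http://mdq-beta.incommon.org/global/entities      # step 3

# Percent-encode every byte outside the RFC 3986 unreserved set.
urlencode() {
    _rest=$1 _out=
    while [ -n "$_rest" ]; do
        _tail=${_rest#?}; _c=${_rest%"$_tail"}
        case $_c in
            [A-Za-z0-9._~-]) _out=$_out$_c ;;
            *) _out=$_out$(printf '%%%02X' "'$_c") ;;
        esac
        _rest=$_tail
    done
    printf '%s\n' "$_out"
}

# The entityID goes into the request path percent-encoded, as in step 3.
mdq_url() { printf '%s/%s\n' "$MDQ_BASE" "$(urlencode "$1")"; }

# Reduce "sha256 Fingerprint=AB:CD:..." or a pasted "ab cd ..." to bare
# upper-case hex so formatting differences cannot cause a false mismatch.
normalize_fp() { printf '%s' "${1##*=}" | tr -d ': \n' | tr 'a-f' 'A-F'; }

fetch_verified_metadata() {
    entity=$1 pinned=$2 out=$3 cert=mdq-beta-cert.pem
    [ -n "$pinned" ] || { echo "no pinned fingerprint given" >&2; return 1; }
    curl --fail --silent --show-error -L -o "$cert" "$CERT_URL" || return 1
    actual=$(openssl x509 -sha256 -noout -fingerprint -in "$cert") || return 1
    if [ "$(normalize_fp "$actual")" != "$(normalize_fp "$pinned")" ]; then
        echo "certificate fingerprint does not match pinned value" >&2
        return 1
    fi
    # Plain-HTTP fetch as on the page: only the signature check below makes
    # the result trustworthy, so it stays in a temp file until that passes.
    curl --fail --silent --show-error --output "$out.unverified" \
        "$(mdq_url "$entity")" || return 1
    if ! xmlsectool --verifySignature --inFile "$out.unverified" \
            --certificate "$cert"; then
        rm -f "$out.unverified"; return 1
    fi
    mv "$out.unverified" "$out"
}

if [ "$#" -eq 3 ]; then fetch_verified_metadata "$@"; fi
```

Run it as `sh fetch-mdq.sh urn:mace:incommon:ucdavis.edu "<fingerprint from step 2>" ucdavis-metadata.xml`. A valid signature shows the document came from the MDQ signer, not that it describes the entity requested; comparing the result's entityID with the request is a further check this script leaves out.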