Versions Compared

Old Version 8

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents

Overview

Indicated by type="MDQ", this MetadataProvider loads metadata on-demand from an HTTP server using the conventions defined by the Metadata Query Protocol draft specification (see base protocolSAML profile).

Table of Contents

Attributes

Common Attributes

. This is essentially the same as the Dynamic MetadataProvider with a slightly simpler configuration syntax to automatically generate the appropriate URL substitutions.

The baseUrl XML attribute is also required, to point to the root of the MDQ server.

Reference

Expand
titleCommon XML Attributes

The type="MDQ" attribute mustbe present.

Include Page
MetadataProviderCommonAttributes
MetadataProviderCommonAttributes
Expand
titleDynamic Provider XML Attributes
Include Page

...

MetadataProviderDynamicCommonAttributes
MetadataProviderDynamicCommonAttributes
Expand
titleRemote Dynamic Provider XML Attributes
Include Page
MetadataProviderRemoteDynamicCommonAttributes
MetadataProviderRemoteDynamicCommonAttributes

...

Expand
titleSpecific XML Attributes

The following attribute MUST be present:

Name

Type

...

Req?

Description

...

baseUrl

...

string

...

Y

Specifies the MDQ "base

...

" URL of the metadata

...

query service

Expand
titleCommon XML Child Elements
Include Page
MetadataProviderChildElements
MetadataProviderChildElements

...

Expand
titleRemote Dynamic XML Child Elements
Include Page
MetadataProviderNetworkChildElements
MetadataProviderNetworkChildElements

Example

MDQ Metadata Source
Code Block
languagexmltitleMDQ provider
<MetadataProvider type="MDQ" id="mdq.example.org" ignoreTransport="true" cacheDirectory="mdq-example-org"
		baseUrl="http://mdq.example.org/global/">
    <MetadataFilter type="Signature" cacheDirectorycertificate="mdqCache"metadata-signing-key.pem"/>
    <MetadataFilter type="SignatureRequireValidUntil" certificatemaxValidityInterval="/path/to/the/pemfile.pem8640000"/>
</MetadataProvider>