This interface provides a mechanism to query the IdP's Metadata resolver(s). This can be used as a debugging aid ("Is the IdP really seeing the metadata I think it is?") and also as a way of forcing specific entities into cache (which might be relevant for entities loaded via DynamicHTTPMetadataProvider or LocalDynamicMetadataProvider).
The underlying web interface, which is managed as an AdministrativeConfiguration, looks like this:
http[s]://localhost/idp/profile/admin/mdquery?entityID=https%3A%2F%2Fsp.example.org%2Fsp
The same thing on the command line would be:
$ /opt/shibboleth-idp/bin/mdquery.sh -e https://sp.example.org/sp
The parameters supported and their corresponding command line options are:
Query String | Command Line | Cardinality | Description |
|---|---|---|---|
entityID | --entityID, -e | Required | The entityID to find metadata for |
protocol | --protocol | Only 1 may be present | Protocol to find metadata role for |
saml1 | --saml1 | Queries for SAML 1.1 role | |
saml2 | --saml2 | Queries for SAML 2.0 role | |
cas | --cas | Queries for CAS role |
The tool essentially reproduces the results that would ordinarily be produced during metadata lookup in any of the "protocol" request flows.
Reference
V4.0 and upgraded systems include a bean defined in conf/admin/general-admin.xml to control aspects of the flow's behavior.
V4.1 includes properties to control various aspects of the flow's behavior using an internally-defined bean that may be overridden if required.