By default the IdP exposes an HTTP endpoint relative to the deployed servlet context (usually /idp) at /shibboleth, which returns the IdP's own metadata. This endpoint path would mirror that implied by the default IdP entityID, for example https://idp.example.org/idp/shibboleth, thereby implementing the Well-Known Location metadata resolution mechanism discussed in the SAML Metadata specification (section 4.1).
That endpoint returns the metadata by simply reading the XML file pointed to by the IdP property idp.entityID.metadataFile, the value of which defaults to %{idp.home}/metadata/idp-metadata.xml.
To expose a different metadata file's contents at that endpoint, set that property to a different file path value in conf/idp.properties, for example:
idp.entityID.metadataFile=/var/shibboleth/metadata/idp-metadata.xml
To effectively disable metadata publishing at the endpoint entirely by returning an HTTP 404 response, set the value to an empty string:
idp.entityID.metadataFile=
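The three outcomes described above (default file, custom file, HTTP 404) can be checked from the configuration text before deployment. The following is an added example, not part of the IdP or its documentation: it uses a simplified properties parse (no line continuations), assumes the property is set only in conf/idp.properties, and takes the install directory as the hypothetical parameter idp_home; the function names and sample text are constructed for illustration.

```python
import re

PROP = "idp.entityID.metadataFile"
DEFAULT = "%{idp.home}/metadata/idp-metadata.xml"  # default stated on this page

def effective_value(properties_text):
    """Return the last uncommented value of PROP, or None if it is never set."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":        # blank line or properties comment
            continue
        # key, optional '=' or ':' separator, then the value
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1) == PROP:
            value = m.group(2).strip()         # a later definition overrides
    return value

def metadata_publishing(properties_text, idp_home):
    """Classify what the /shibboleth endpoint does for this configuration.

    Returns (state, path): state is 'default', 'custom' or 'disabled';
    path is the file that would be served, or None when disabled.
    """
    value = effective_value(properties_text)
    if value is None:                          # property absent: default applies
        state, value = "default", DEFAULT
    elif value == "":                          # empty string: endpoint returns 404
        return ("disabled", None)
    else:
        state = "custom"
    return (state, value.replace("%{idp.home}", idp_home))

# Constructed sample of conf/idp.properties, for illustration only.
SAMPLE = """\
idp.entityID = https://idp.example.org/idp/shibboleth
#idp.entityID.metadataFile = %{idp.home}/metadata/idp-metadata.xml
idp.entityID.metadataFile=/var/shibboleth/metadata/idp-metadata.xml
"""

if __name__ == "__main__":
    # idp_home here is an assumed install path, not taken from the page.
    print(metadata_publishing(SAMPLE, "/opt/shibboleth-idp"))
```

A 'custom' or 'default' result names the file whose contents are publicly readable at the endpoint, so that file is the one to review for anything not meant for publication.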