
inc-ops-notifications - [InCommon NOTICE] End of support for legacy metadata download endpoints, beginning of support for TLS

Subject: InCommon Operations Notifications

  • From: Nick Roy <>
  • To: Nick Roy <>
  • Subject: [InCommon NOTICE] End of support for legacy metadata download endpoints, beginning of support for TLS
  • Date: Thu, 30 Nov 2017 08:25:05 -0700

Hello,


For many years, InCommon has supported a redirect from a very old metadata download location:


http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml

And

https://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml


To the current production (“main”) aggregate location:

http://md.incommon.org/InCommon/InCommon-metadata.xml


We have not supported TLS for metadata downloads for a number of reasons, mainly because we felt it would cause a false sense of security for deployments that do not correctly verify the XML digital signature on the metadata document itself (see documentation at: https://spaces.internet2.edu/display/InCFederation/Metadata+Consumption).


On January 31, 2018, InCommon Operations will:


  1. Remove the redirect noted above

  2. Introduce TLS support for metadata downloads on md.incommon.org


Before January 31, 2018, it is critical that all metadata clients be configured to fetch metadata from http://md.incommon.org/InCommon/InCommon-metadata.xml. If you currently fetch metadata from one of the old (wayf.incommonfederation.org) locations noted above, you need to reconfigure your deployment. Failure to do so will mean your IdP and/or SPs will break.


Please pass along this information to anyone in your organization who is responsible for running an IdP or SP in InCommon, especially those such as delegated administrators or other systems administrators who may not be subscribed to this mailing list.


Thank you,

Nick Roy

Director of Technology and Strategy, InCommon / Internet2 Trust and Identity Services
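
An added example, not part of the original notice and not InCommon's code: a script that audits a metadata consumer's configuration for the legacy endpoints named above and for a remote metadata source with no signature validation configured. The Shibboleth-style element and attribute names (`MetadataProvider`, `MetadataFilter`, `metadataURL`/`url`/`uri`), the certificate path and the sample configuration are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

LEGACY_HOST = "wayf.incommonfederation.org"  # legacy host named in the notice
CURRENT_URL = "http://md.incommon.org/InCommon/InCommon-metadata.xml"  # from the notice
# Assumption: Shibboleth-style attribute names for the metadata source URL.
URL_ATTRS = ("metadataURL", "url", "uri")
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample configuration (not from the notice); the path is a placeholder.
SAMPLE = """<MetadataProvider xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="ChainingMetadataProvider">
  <MetadataProvider xsi:type="FileBackedHTTPMetadataProvider"
      metadataURL="http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"/>
  <MetadataProvider xsi:type="FileBackedHTTPMetadataProvider"
      metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml">
    <MetadataFilter xsi:type="SignatureValidation"
        certificateFile="/placeholder/signing-cert.pem"/>
  </MetadataProvider>
</MetadataProvider>"""


def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def audit(config_xml):
    """Return (url, problem) pairs for each remote MetadataProvider."""
    findings = []
    for el in ET.fromstring(config_xml).iter():
        if local(el.tag) != "MetadataProvider":
            continue
        url = next((el.get(a) for a in URL_ATTRS if el.get(a)), None)
        if url is None:  # chaining or local-file provider: nothing to fetch
            continue
        if (urlparse(url).hostname or "").lower() == LEGACY_HOST:
            findings.append((url, "legacy endpoint, change to " + CURRENT_URL))
        # Only direct child filters apply to this provider.
        types = [c.get(XSI_TYPE) or c.get("type") or ""
                 for c in el if local(c.tag) == "MetadataFilter"]
        if not any("Signature" in t for t in types):
            findings.append((url, "no signature validation filter configured"))
    return findings


if __name__ == "__main__":
    for url, problem in audit(SAMPLE):
        print(url + ": " + problem)
```

Run it against trusted local configuration files only; a provider that passes both checks still depends on the filter pointing at the correct signing certificate.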



