inc-ops-notifications - [InCommon NOTICE] InCommon legacy metadata aggregate retirement
Subject: InCommon Operations Notifications
- From: Johnny Lasker
- Subject: [InCommon NOTICE] InCommon legacy metadata aggregate retirement
- Date: Tue, 1 Apr 2025 16:32:16 +0000
Some InCommon organizations are reporting issues with their SSO. This is likely related to consumption of the legacy metadata aggregate which expired on March 31, 2025. This instance expired as part of our retirement of the legacy metadata aggregate and push to have all organizations use the MDQ service.
The affected metadata URLs include:
We understand that any outage is serious and we are working to publish one more valid instance of the legacy metadata aggregate which should resolve your current issues. This instance will be valid for two weeks, which means organizations will still need to move to the MDQ service before this instance expires to avoid another interruption.
If your organization operates SAML Identity Provider or Service Provider systems which are federated with InCommon for single sign-on (SSO), AND the systems rely on one of the InCommon legacy SAML metadata aggregates above, then those systems will need to be updated at your earliest convenience, to resolve future service interruptions.
Action Required

If possible, configure your SAML providers to support dynamic, per-entity metadata using the MDQ protocol. If you continue to require a metadata aggregate, configure your SAML provider(s) with the new All Entities or IdP only aggregate instead of the legacy aggregates. In either case, you will need to configure your providers to use InCommon's new signing key to verify the metadata signatures.
For more on the MDQ service, visit: https://spaces.at.internet2.edu/display/MDQ
Please let us know if you require further assistance.
Johnny Lasker
Principal Service Integration Engineer
Internet2 Trust & Identity
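The following is an added example, not part of the original notice and not InCommon code: a monitoring check that reads the validUntil attribute of a locally cached SAML metadata document so an approaching expiry is flagged before SSO breaks, and that builds the per-entity request URL defined by the MDQ protocol. The base URL, the sample document and its validUntil value are constructed placeholders; signature verification against the federation signing key is not covered and stays with your SAML software.

```python
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import quote

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"
MDQ_BASE = "https://mdq.example.org"  # placeholder, not a real federation endpoint

# Constructed sample aggregate; the validUntil timestamp is illustrative only.
SAMPLE_AGGREGATE = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    Name="urn:example:legacy-aggregate" validUntil="2025-03-31T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth"/>
</md:EntitiesDescriptor>"""

def parse_valid_until(xml_text):
    """Return validUntil of the root metadata element as aware UTC datetime, or None."""
    if "<!DOCTYPE" in xml_text:
        # SAML metadata never needs a DTD; refuse it rather than expand entities.
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag not in (MD_NS + "EntitiesDescriptor", MD_NS + "EntityDescriptor"):
        raise ValueError("root element is not SAML metadata")
    raw = root.get("validUntil")
    if raw is None:
        return None
    stamp = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    return stamp if stamp.tzinfo else stamp.replace(tzinfo=timezone.utc)

def metadata_status(xml_text, now, warn_days=3):
    """Classify cached metadata as 'expired', 'expiring', 'ok' or 'no-expiry'."""
    until = parse_valid_until(xml_text)
    if until is None:
        return "no-expiry"
    remaining = until - now
    if remaining.total_seconds() <= 0:
        return "expired"      # relying software will reject this document
    return "expiring" if remaining.days < warn_days else "ok"

def mdq_entity_url(base, entity_id, hashed=False):
    """Build the MDQ per-entity URL: <base>/entities/<percent-encoded identifier>."""
    ident = entity_id
    if hashed:  # MDQ's {sha1} transformed identifier, a lookup key only
        ident = "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()
    return base.rstrip("/") + "/entities/" + quote(ident, safe="")

if __name__ == "__main__":
    print(metadata_status(SAMPLE_AGGREGATE, datetime.now(timezone.utc)))
    print(mdq_entity_url(MDQ_BASE, "https://idp.example.edu/idp/shibboleth"))
```

Run from a scheduler against the file your provider actually caches, the "expiring" state gives operators a window to act before the document lapses.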