Subject: InCommon metadata support
[Metadata-Support] Re: [InCommon NOTICE] Fwd: metadata migration in progress [ACTION REQUIRED]
- From: Tom Scavo <>
- To: Michael Skafidas <>
- Cc: Tom Scavo <>, "" <>
- Subject: [Metadata-Support] Re: [InCommon NOTICE] Fwd: metadata migration in progress [ACTION REQUIRED]
- Date: Wed, 25 Jun 2014 10:53:15 -0400
[Michael, please subscribe to metadata-support for followups (see the
link at the bottom of this message)]
On Wed, Jun 25, 2014 at 10:39 AM, Michael Skafidas
> Sorry but we are not clear if any changes need to made on our part,
> since we make changes to the IDP very infrequently. We are using
That resource no longer exists. A redirect was put in its place on
March 31st, so you need to migrate.
> This is a snippet from our relying-party.xml
> <MetadataProvider id="incommon-metadata"
> <MetadataFilter xsi:type="ChainingFilter"
> <MetadataFilter xsi:type="RequiredValidUntil"
> maxValidityInterval="604800" />
> <MetadataFilter xsi:type="SignatureValidation"
> requireSignedMetadata="true" />
> <MetadataFilter xsi:type="EntityRoleWhiteList"
Compare that config with the recommended config:
Hope this helps,
> On 6/25/14, 9:39 AM, Tom Scavo wrote:
>> LAST CALL: The fallback metadata aggregate will be synced with the
>> production metadata aggregate on Monday, June 30, 2014. To avoid a
>> forced migration to metadata signed with SHA-256 digest algorithm, all
>> deployments should migrate to the production metadata aggregate ASAP
>> but no later than June 30, 2014. Please see the message below for
>> ---------- Forwarded message ----------
>> From: Tom Scavo
>> Date: Mon, May 5, 2014 at 11:46 AM
>> Subject: metadata migration in progress [ACTION REQUIRED]
>> You are receiving this message because you are a Site Administrator
>> for the InCommon Federation. Your IMMEDIATE ACTION may be required.
>> EVENT: On June 30, 2014, the fallback metadata aggregate will be
>> synced with the production metadata aggregate; that is, after June 30,
>> all metadata aggregates published by the InCommon Federation will be
>> signed using the SHA-256 digest algorithm.
>> OUTCOME: All deployments must be able to verify an XML signature that
>> uses a SHA-256 digest algorithm by June 30, 2014.
>> ACTION: If your SAML deployment is currently consuming the fallback
>> metadata aggregate, migrate to either the production metadata
>> aggregate or the preview metadata aggregate ASAP but no later than
>> June 30, 2014.
>> The legacy metadata aggregate was replaced by a redirect to the
>> fallback metadata aggregate on March 31, 2014. Consequently, every
>> deployment in the InCommon Federation is consuming one of the
>> following metadata aggregates:
>> * http://md.incommon.org/InCommon/InCommon-metadata.xml (production)
>> * http://md.incommon.org/InCommon/InCommon-metadata-fallback.xml (fallback)
>> * http://md.incommon.org/InCommon/InCommon-metadata-preview.xml (preview)
>> The production and preview aggregates are signed using the SHA-256
>> digest algorithm. The fallback aggregate is signed using the SHA-1
>> digest algorithm.
>> For more info about metadata aggregates:
>> If your SAML deployment is currently consuming the fallback metadata
>> aggregate, migrate to either the production metadata aggregate or the
>> preview metadata aggregate by June 30th. This will ensure that your
>> deployment is compatible with SHA-256. If you do not migrate, your
>> metadata consumption process may stop working on June 30th.
>> For more info about the metadata migration process:
>> Questions? Join this mailing list:
>> InCommon Operations
- [Metadata-Support] Re: [InCommon NOTICE] Fwd: metadata migration in progress [ACTION REQUIRED], Tom Scavo, 06/25/2014
- <Possible follow-up(s)>
- [Metadata-Support] Re: [InCommon NOTICE] Fwd: metadata migration in progress [ACTION REQUIRED], Tom Scavo, 06/27/2014
Archive powered by MHonArc 2.6.16.