InCommon metadata support

[Branson C Stephens <>]

hello,

I restarted shibd a bit earlier this morning (after your 9 AM EDT special 
signing), and I found that I had to turn
off the signature verification in order for it to work. I saw this in the 
logs:

2016-03-22 10:11:15 INFO OpenSAML.MetadataProvider.XML : reload thread 
started...running every 82800 seconds
2016-03-22 10:11:15 INFO OpenSAML.MetadataProvider.XML : remote resource 
(http://md.incommon.org/InCommon/InCommon-metadata.xml) unchanged, adjusted 
reload interval to 28800 seconds
2016-03-22 10:11:15 INFO OpenSAML.MetadataProvider.XML : using local backup 
of remote resource
2016-03-22 10:11:16 INFO OpenSAML.MetadataProvider.XML : loaded XML resource 
(/var/cache/shibboleth/InCommon-metadata.xml)
2016-03-22 10:11:19 INFO OpenSAML.Metadata : applying metadata filter 
(Signature)
2016-03-22 10:12:05 WARN OpenSAML.MetadataFilter.Signature : filtering out 
group at root of instance after failed signature check: Unable to verify 
signature with supplied key(s).
2016-03-22 10:12:05 INFO OpenSAML.MetadataProvider.XML : reload thread 
started...running every 28800 seconds
2016-03-22 10:12:05 CRIT OpenSAML.Metadata.Chaining : failure initializing 
MetadataProvider: SignatureMetadataFilter unable to verify signature at root 
of metadata instance.

I hadn’t made any changes to the cert inc-md-cert.pem, so this seemed 
strange. I just wanted to let you know in case there is an issue. 

best,
Branson