InCommon metadata support

[Tom Scavo <>]

Hi Keith,

On Tue, Sep 6, 2016 at 2:59 PM, Wessel, Keith 
<>
 wrote:
>
> I have my test IDP cluster querying metadata from the InCommon MDQ server.

Note that mdq-beta.incommon.org imports metadata from the InCommon
preview aggregate so that's a fine use of this beta MDQ server.

> I configured the IDP using the instructions on 
> https://spaces.internet2.edu/display/InCCollaborate/Dynamic+Metadata+Client+Config#DynamicMetadataClientConfig-ShibbolethIdPConfiguration.

AFAIK, you are the first one to test that configuration, Keith. Thank
you for venturing to the leading edge :-)

> However, my IDP has reminded me evern since I did this that the 
> requireSignedMetadata attribute of the signature validation filter is 
> deprecated.

Oops, apparently I overlooked that.

> Is it syntactically correct to use the new requireSignedRoot attribute in 
> this configuration instead?

Yes, I think so (but I don't know if it's ever been tried).

> I'm not sure if metadata coming back from the MDQ server has a signed root.

The root element is <md:EntityDescriptor> and yes, it is signed.

> I would expect it would but wanted to know for sure. If so, it might be 
> good to update that wiki page.

I will do that, thanks. Be sure to let us know if you discover anything else.

Thanks Keith.

Tom