Purpose

This page describes Shibboleth Service Provider (SP) configuration necessary to download the UW Identity Provider (IdP) local metadata file and, optionally, verify the digital signature.

Background

The UW is part of the InCommon federation and publishes its IdP metadata in the InCommon metadata aggregate (http://md.incommon.org/InCommon/InCommon-metadata-idp-only.xml). However, the InCommon metadata aggregate has grown large enough to cause problems for SPs when they attempt to download the file and verify the digital signature. Symptoms include high memory utilization, very slow restarts, and occasional failures to restart the shibd process.

...

For Service Providers who wish to consume a small, static metadata file, the UW IdP publishes a local copy of its metadata and digitally signs the file. The sections below describe the SP configuration necessary to download the local metadata file and (optionally) verify the digital signature. If the local IdP metadata is downloaded from https://idp.u.washington.edu/metadata/idp-metadata.xml, the HTTPS protocol provides integrity, so signature verification is optional (but recommended). If the IdP metadata is obtained from any other source, the digital signature should be verified. If signature verification will be used, the SP must keep a copy of the IdP's signing certificate in its configuration.
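As an added illustration (not configuration taken from this page or from UW), the MetadataProvider element below, placed inside the ApplicationDefaults section of the SP's shibboleth2.xml, fetches the local UW IdP metadata over HTTPS and verifies its signature with the Signature filter. The local file names uw-idp-metadata.xml and uw-idp-signing.pem and the reload interval are assumptions; the certificate file must hold the IdP's metadata signing certificate, which is distinct from the certificate used to sign SAML assertions.

```xml
<!-- Added example, not UW's published configuration. File names and interval are assumed. -->
<MetadataProvider type="XML" validate="true"
                  url="https://idp.u.washington.edu/metadata/idp-metadata.xml"
                  backingFilePath="uw-idp-metadata.xml"
                  reloadInterval="7200">
    <!-- Verifies the XML signature on the downloaded file against the IdP's
         metadata signing certificate kept in the SP configuration directory.
         verifyBackup="false" skips re-verifying the backing copy on restart,
         which avoids startup failures if the cached copy is replaced by hand.
         Omit this filter only when relying on HTTPS integrity alone. -->
    <MetadataFilter type="Signature" certificate="uw-idp-signing.pem" verifyBackup="false"/>
</MetadataProvider>
```

If the metadata is obtained from any source other than the HTTPS URL above, keep the Signature filter in place; with the filter present, shibd refuses to load a file whose signature does not validate, which is visible in shibd.log at startup or on reload.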

...