Discussion:
Dynamic MetadataProvider
Tom Scavo
2014-09-25 11:59:52 UTC
Is anyone using a Dynamic MetadataProvider [1] with the Shib SP? If
so, would you mind sharing your XML config? I want to configure an SP
to request per-entity metadata via the Metadata Query Protocol. [2]

Thanks in advance,

Tom

[1] https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataProvider#NativeSPMetadataProvider-DynamicMetadataProvider
[2] https://spaces.internet2.edu/x/2w7kAg
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Peter Schober
2014-09-25 12:31:28 UTC
Post by Tom Scavo
Is anyone using a Dynamic MetadataProvider [1] with the Shib SP? If
so, would you mind sharing your XML config? I want to configure an SP
to request per-entity metadata via the Metadata Query Protocol. [2]
Seems the docs describe two ways to do what you intend to use it for,
by either supplying a Subst or Regex child element with a URL where
you'd like the lookup to be going. Something like

<MetadataProvider type="Dynamic" ignoreTransport="true">
<Subst>http://example.org/get?id=$entityID</Subst>
</MetadataProvider>

Probably replacing made up content above with MDQuery specifics.
Did you try that and what were the results?
-peter
Tom Scavo
2014-09-26 12:01:42 UTC
On Thu, Sep 25, 2014 at 8:31 AM, Peter Schober
Post by Peter Schober
Post by Tom Scavo
Is anyone using a Dynamic MetadataProvider [1] with the Shib SP? If
so, would you mind sharing your XML config? I want to configure an SP
to request per-entity metadata via the Metadata Query Protocol. [2]
Seems the docs describe two ways to do what you intend to use it for,
by either supplying a Subst or Regex child element with a URL where
you'd like the lookup to be going. Something like
<MetadataProvider type="Dynamic" ignoreTransport="true">
<Subst>http://example.org/get?id=$entityID</Subst>
</MetadataProvider>
Probably replacing made up content above with MDQuery specifics.
Did you try that and what were the results?
No, I haven't tried it (which is why I asked my original question) and
apparently you haven't either :-)

What I'm really looking for is a testimonial that this feature works
in a production setting without issue. It's not easy to test without
actually configuring an active SP, so I'm hoping that someone else has
already gone down this path.

Thanks,

Tom
Peter Schober
2014-09-26 12:46:44 UTC
Post by Tom Scavo
No, I haven't tried it (which is why I asked my original question)
and apparently you haven't either :-)
I don't have an MDQuery server/service available, not even a signed
EntityDescriptor lying around somewhere (which I could produce, of
course). If you have that ready and just copy&paste the snippet I
sent, I'd be interested in your results.

Now if you neither had an SP nor a source to query ...
-peter
Peter Schober
2014-09-26 13:40:59 UTC
Post by Tom Scavo
Post by Peter Schober
Probably replacing made up content above with MDQuery specifics.
Did you try that and what were the results?
No, I haven't tried it (which is why I asked my original question) and
apparently you haven't either :-)
OK, I have tested this now and it worked just fine (including a
signature validation filter), which is hardly surprising given it's in
released code and documented.

Not the testament of having run this in production for a long time you
were looking for, of course.
-peter
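
The setup discussed in this thread, written out as an added example (not a configuration posted or tested by either participant): the snippet as sketched, next to the same provider pointed at a Metadata Query Protocol endpoint with the signature validation filter mentioned in the last message. The host mdq.example.org and the file mdq-signer.pem are hypothetical placeholders.

```xml
<!-- Added example. These are two alternatives, not one file:
     use one MetadataProvider or the other. -->

<!-- (a) As sketched in the thread: plain HTTP, transport ignored, no filter.
     Nothing authenticates the metadata that comes back. -->
<MetadataProvider type="Dynamic" ignoreTransport="true">
    <Subst>http://example.org/get?id=$entityID</Subst>
</MetadataProvider>

<!-- (b) With a signature filter: each fetched EntityDescriptor must verify
     against the metadata signing certificate before the SP will use it.
     The Metadata Query Protocol addresses a single entity as
     {base}/entities/{percent-encoded entityID}.
     Host and certificate file name below are placeholders. -->
<MetadataProvider type="Dynamic" ignoreTransport="true">
    <Subst>https://mdq.example.org/entities/$entityID</Subst>
    <MetadataFilter type="Signature" certificate="mdq-signer.pem"/>
</MetadataProvider>
```

With ignoreTransport="true" the SP does not rely on the transport to authenticate the metadata source, so in (b) the Signature filter is the only thing that establishes trust in the returned metadata.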