Contact Information in SP MetadataGenerator


Contact Information in SP MetadataGenerator

skannappan
Hi,

To meet baseline expectations for InCommon Federation, I have to include
contact information for all my admins. I am however not sure how to use the
MetadataGenerator to include the following elements in my metadata which can
be automatically generated using /Shibboleth.sso/Metadata/

<md:ContactPerson contactType="technical"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:GivenName>Testing</md:GivenName>
<md:EmailAddress>mailto:[hidden email]</md:EmailAddress>
</md:ContactPerson>


Please advise on where I can find the implementation for MetadataGenerator
in Shibboleth SP.



--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Developers-f1660781.html
--
To unsubscribe from this list send an email to [hidden email]

Re: Contact Information in SP MetadataGenerator

Michael A Grady

On May 22, 2018, at 2:07 PM, skannappan <[hidden email]> wrote:

> To meet baseline expectations for InCommon Federation, I have to include
> contact information for all my admins. I am however not sure how to use the
> MetadataGenerator to include the following elements in my metadata which can
> be automatically generated using /Shibboleth.sso/Metadata/
>
> <md:ContactPerson contactType="technical"
> xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
> <md:GivenName>Testing</md:GivenName>
> <md:EmailAddress>[hidden email]</md:EmailAddress>
> </md:ContactPerson>

What the Shib SP will or will not generate as far as metadata is irrelevant as far as InCommon and Baseline Expectations go. Because the metadata that InCommon cares about is the metadata that you register with InCommon, using the InCommon Federation Manager wizard. You don't "feed it a file of metadata", you have to use the wizard to generate the appropriate metadata. And that Fed Manager interface fully supports entering all the metadata elements required, including MDUI and Contact elements.

InCommon doesn't care what your SP generates, because no one should be relying on having partners getting the metadata from that SP endpoint. That's not a secure and reliable way to manage metadata. Security, scalability, and reliability are among the key reasons one registers metadata with InCommon in the first place.

--
Michael A. Grady
IAM Architect, Unicon, Inc.





Re: Contact Information in SP MetadataGenerator

skannappan
I agree that there is a wizard to generate the metadata for InCommon
Federation, however, I believe my question, though not phrased correctly,
was geared more for a general understanding on how to get
/shibboleth.sso/Metadata link to generate these elements.

Is there a way to leverage the MetadataGenerator to generate these elements?
I believe either the UK Federation or OA uses the
/shibboleth.sso/Metadata/ to get the metadata.




Re: Contact Information in SP MetadataGenerator

Peter Schober
In reply to this post by skannappan
* skannappan <[hidden email]> [2018-05-22 21:07]:
> I am however not sure how to use the MetadataGenerator to include
> the following elements in my metadata which can be automatically
> generated using /Shibboleth.sso/Metadata/
>
> <md:ContactPerson contactType="technical"
> xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
> <md:GivenName>Testing</md:GivenName>
> <md:EmailAddress>mailto:[hidden email]</md:EmailAddress>
> </md:ContactPerson>

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPHandler#NativeSPHandler-ChildElements

-peter

RE: Contact Information in SP MetadataGenerator

Cantor, Scott E.
In reply to this post by skannappan
> Is there a way to leverage the MetadataGenerator to generate these elements
> ? I believe either the UK Federation or OA uses the /shibboleth.sso/Metadata/
> to get the metadata.

No, they don't. You should be able to maintain your metadata by hand if you're going to expose it in XML form; the SP is not meant to do it for you.

Please move this to users, this is not a dev list question.

-- Scott
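
For metadata maintained by hand, as suggested in the reply above, a check of the md:ContactPerson elements before publishing can catch omissions. This is an added example, not code from the thread or from the Shibboleth project; the function name, the sample entityID and the addresses are constructed, and the list of required contact types is whatever the caller passes in.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# contactType values allowed by the SAML 2.0 metadata schema
VALID_TYPES = {"technical", "support", "administrative", "billing", "other"}

# Constructed sample; the entityID, names and addresses are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Testing</md:GivenName>
    <md:EmailAddress>mailto:admin@example.org</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:GivenName>Help Desk</md:GivenName>
    <md:EmailAddress>helpdesk@example.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>"""

def check_contacts(xml_text, required_types):
    """Return a list of problem strings; an empty list means every check passed."""
    problems = []
    root = ET.fromstring(xml_text)  # intended for your own, locally maintained file
    # iter() also matches the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for entity in root.iter(MD + "EntityDescriptor"):
        eid = entity.get("entityID", "(no entityID)")
        seen = set()
        for cp in entity.findall(MD + "ContactPerson"):
            ctype = cp.get("contactType")
            if ctype not in VALID_TYPES:
                problems.append(f"{eid}: invalid contactType {ctype!r}")
                continue
            seen.add(ctype)
            emails = [(e.text or "").strip() for e in cp.findall(MD + "EmailAddress")]
            if not emails:
                problems.append(f"{eid}: {ctype} contact has no EmailAddress")
            for addr in emails:
                # The schema types EmailAddress as a URI; the spec expects mailto:
                if not addr.lower().startswith("mailto:") or "@" not in addr:
                    problems.append(f"{eid}: {ctype} EmailAddress {addr!r} is not a mailto: URI")
        for missing in sorted(set(required_types) - seen):
            problems.append(f"{eid}: no {missing} contact")
    return problems

if __name__ == "__main__":
    for line in check_contacts(SAMPLE, ["technical", "administrative"]):
        print(line)
```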
