Maintaining Shibboleth Metadata
This is for InCommon, but it should work for any federation with appropriate tweaking.
First, and only once, get the certificate used to verify the InCommon metadata. (Yes, this was the only URL I could find, and it seems strange it's not from the Internet2 site.)
    $ cd /etc/shibboleth
    $ wget https://webauth.service.ohio-state.edu/~shibboleth/InCommon-fedops.pem
Now you can regularly run the following:
    # /usr/sbin/siterefresh --cert /etc/shibboleth/InCommon-fedops.pem \
        --url http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml \
        --out /etc/shibboleth/InCommon-metadata.xml
And here's a crontab (word-wrapped for readability) to run it every hour:
    # crontab -l | fold -w 78 -s
    0 * * * * /usr/sbin/siterefresh --cert /etc/shibboleth/InCommon-fedops.pem
    --url http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml --out
    /etc/shibboleth/InCommon-metadata.xml
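The metadata is fetched over plain HTTP, so its integrity rests entirely on the signature check against the certificate downloaded in the first step. The following added example (not part of the original page) installs that certificate only if its SHA-256 fingerprint matches a value obtained out of band from the federation operator; the function names and the pin placeholder are assumptions.

```shell
#!/bin/sh
# Added example: pin the metadata-signing certificate by SHA-256 fingerprint.
# Function names are hypothetical; the pin must come from the federation
# operator through a separate channel (the page does not list one).

# Reduce a fingerprint to bare upper-case hex: drops an openssl-style
# "label=" prefix, colons and whitespace.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Print the normalised SHA-256 fingerprint of the PEM certificate in $1.
cert_fp() {
    fp_raw=$(openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null) || return 1
    normalize_fp "$fp_raw"
}

# verify_pin CERT PIN: 0 = match, 1 = mismatch, 2 = unusable pin or certificate.
verify_pin() {
    pin=$(normalize_fp "$2")
    case "$pin" in
        ''|*[!0123456789ABCDEF]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#pin}" -eq 64 ] || { echo "pin is not 64 hex digits" >&2; return 2; }
    actual=$(cert_fp "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    [ "$actual" = "$pin" ] && return 0
    echo "fingerprint mismatch: got $actual" >&2
    return 1
}

# install_pinned_cert URL DEST PIN: download to a temporary file and move it
# into place only if the fingerprint matches, so a bad file never reaches DEST.
install_pinned_cert() {
    tmp=$(mktemp) || return 2
    if wget -q -O "$tmp" "$1" && verify_pin "$tmp" "$3"; then
        chmod 644 "$tmp" && mv "$tmp" "$2"   # certificate is public data
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage (PIN_FROM_FEDERATION_OPERATOR is a placeholder, not a real value):
#   install_pinned_cert \
#     https://webauth.service.ohio-state.edu/~shibboleth/InCommon-fedops.pem \
#     /etc/shibboleth/InCommon-fedops.pem "PIN_FROM_FEDERATION_OPERATOR"
```

Running `verify_pin` against the installed file before each `siterefresh` run also catches a certificate that was replaced on disk after installation.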
Links:
- Tom Scavo's InQueue directions
- Configuration for SP from I2 Wiki
- See bottom of page for information about siterefresh.
