Currently eduID.at Metadata is signed daily (or more often), and its validity (validUntil) is set to +14 days in the future each time. That means consumers of this metadata need to refresh (re-download and evaluate) eduID.at metadata at least every 14 days, which correctly configured software should do automatically. (Note that this validity window may be shortened further in the future without prior notice.)

Consumers of eduID.at Metadata (i.e., SAML IDPs and SPs, and potentially SAML IDP Discovery Services) should refresh SAML metadata at least once a day, but preferably more often. The example Metadata Providers in this documentation are set to a 4-hour refresh (i.e., re-downloading and evaluating the eduID.at SAML metadata 6 times a day, or less often if it can be established on the HTTP layer that the metadata hasn't changed), shortening the time it takes for the software to learn of new, changed or removed entities.

The example Metadata Filters in this set of documentation use a maximum validity of 28 days, i.e., software configured that way would reject SAML metadata that either (a) does not have any upper limit on its validity, or (b) has a validity that exceeds 28 days in the future. This allows metadata consumers to protect themselves from overly large "windows of opportunity".
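
The check such a filter performs can be sketched as follows. This is an added example, not code from the eduID.at documentation or from any SAML software it configures; the function names and the sample metadata are constructed for illustration, and signature verification is assumed to have happened already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ROOTS = {f"{{{MD_NS}}}EntitiesDescriptor", f"{{{MD_NS}}}EntityDescriptor"}
MAX_VALIDITY = timedelta(days=28)  # maximum validity used by the example filters


def parse_valid_until(value):
    """Parse an xs:dateTime such as 2024-01-15T00:00:00Z into an aware datetime."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    # Assumption: a value without a zone designator is treated as UTC.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_validity(metadata_xml, now, max_validity=MAX_VALIDITY):
    """Return (accepted, reason) for the validUntil on the metadata root element.

    Assumes the XML signature has already been verified; this only checks the window.
    """
    root = ET.fromstring(metadata_xml)
    if root.tag not in ROOTS:
        return False, "not SAML metadata"
    raw = root.get("validUntil")
    if raw is None:
        return False, "no validUntil"          # case (a): no upper limit at all
    try:
        valid_until = parse_valid_until(raw)
    except ValueError:
        return False, "unparseable validUntil"
    if valid_until <= now:
        return False, "expired"
    if valid_until - now > max_validity:
        return False, "validity too long"      # case (b): more than 28 days ahead
    return True, "ok"


def sample(attrs=""):
    """Constructed, unsigned stand-in for a metadata aggregate (not real eduID.at data)."""
    return f'<md:EntitiesDescriptor xmlns:md="{MD_NS}" {attrs}/>'


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for attrs in ('validUntil="2024-01-15T00:00:00Z"', 'validUntil="2024-03-01T00:00:00Z"', ""):
        print(attrs or "(none)", "->", check_validity(sample(attrs), now))
```

With the current +14 day validUntil the metadata passes; a consumer that stops refreshing will start rejecting its cached copy once that timestamp is reached.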