Page History
...
- Service Providers registered with ACOnet also offering their services via Interfederation, as well as
- All Identity Providers registered with ACOnet, including but not limited to those participating in Interfederation.
(Only SPs will be relevant to an IDP and communication with SPs is best managed via attribute release policies, not metadata exclusion.)
Legacy
All eduID.at production metadata is signed with RSA SHA-2. In case broken implementations incapable of verifying such metadada need to be supported ACOnet still makes available copies of its production metadata signed with RSA SHA-1. The content and intended usage of these legacy metadata documents is otherwise identical to the production metadata described above.
Note |
---|
Please notify ACOnet if any of your deployed systems depend on this legacy metadata. ACOnet explictly intends to stop publication of these legacy metadata documents as soon as practically possible. Only registering your need with the eduID.at Operations Team can ensure your dependency on these legacy documents can be taken into consideration. |
The URLs to the legacy metadata documents are identical to the respective production metadata with the exception of the /legacy
component in the path:
Info | ||||
---|---|---|---|---|
| ||||
|
Metadata validity and refresh
...
Consumers of eduID.at Metadata, i.e., SAML IDPs and SPs (and potentially SAML IDP Discovery Services) should refresh eduID.at metadata at least once a day, but may do so more often. The example Metadata Providers in this documentation are set to a 4-hour refresh (i.e., re-downloading and evaluating the eduID.at SAML metadata 6 times a day – or less often if it can be established on the HTTP layer that the metadata hasn't changed on the HTTP layer, cf. conditional HTTP GET), shortening the time it takes for the software to learn of new, changed or removed entities.
...