Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
en:production [2022/04/29 10:39] – Wolfgang Pempe | en:production [2022/05/24 13:13] – [1. Metadata Administration Tool] Added screenshots Silke Meyer |
---|
===== 1. Metadata Administration Tool ===== | ===== 1. Metadata Administration Tool ===== |
| |
Using the Metadata Admin Tool (entity edit view, section "Federations"), the respective entity has to be added to the federation / metadata set that is considered to fit best the needs for productive operations (cf. [[en:degrees_of_reliance|Degrees of Reliance]]). The system will check whether the metadata of this entity meet all requirements of the production environment (especially the registered certificate[s]) - and whether the account is linked with a contract. If the checks are positive, the entity will be unlocked. | Using the Metadata Admin Tool (entity edit view, section "Federations"), the respective entity has to be added to the federation / metadata set that is considered to fit best the needs for productive operations (cf. [[en:degrees_of_reliance|Degrees of Reliance]]). The system will check whether the metadata of this entity meet all requirements of the production environment (especially the registered certificate[s]) - and whether the account is linked with a contract. If the checks are positive, the button will be unlocked. The metadata entry in question is then reviewed by the DFN-AAI team. |
| |
| **current/old metadata administration tool:**\\ |
| {{:en:metadata_admin_tool:in-progress.png?600|}} |
| |
| **upcoming/new metadata administration tool:**\\ |
| {{:en:metadata_admin_tool:mdv-produktiv-pending-neuemdv-en.png?600|}} |
===== 2. Configuration Changes ===== | ===== 2. Configuration Changes ===== |
| |
xsi:type="FileBackedHTTPMetadataProvider" | xsi:type="FileBackedHTTPMetadataProvider" |
backingFile="%{idp.home}/metadata/dfn-aai-sp-metadata.xml" | backingFile="%{idp.home}/metadata/dfn-aai-sp-metadata.xml" |
metadataURL="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-sp-metadata.xml" | metadataURL="http://www.aai.dfn.de/metadata/dfn-aai-sp-metadata.xml" |
maxRefreshDelay="PT2H"> | maxRefreshDelay="PT2H"> |
<MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true" | <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true" |
xsi:type="FileBackedHTTPMetadataProvider" | xsi:type="FileBackedHTTPMetadataProvider" |
backingFile="%{idp.home}/metadata/dfn-aai-edugain+sp-metadata.xml" | backingFile="%{idp.home}/metadata/dfn-aai-edugain+sp-metadata.xml" |
metadataURL="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-edugain+sp-metadata.xml" | metadataURL="http://www.aai.dfn.de/metadata/dfn-aai-edugain+sp-metadata.xml" |
maxRefreshDelay="PT2H"> | maxRefreshDelay="PT2H"> |
<MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true" | <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true" |
<file xml /etc/shibboleth/shibboleth2.xml> | <file xml /etc/shibboleth/shibboleth2.xml> |
<MetadataProvider type="XML" | <MetadataProvider type="XML" |
uri="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-idp-metadata.xml" | uri="http://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml" |
backingFilePath="dfn-aai-idp-metadata.xml" reloadInterval="3600"> | backingFilePath="dfn-aai-idp-metadata.xml" reloadInterval="3600"> |
<MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" /> | <MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" /> |
| |
<MetadataProvider type="XML" | <MetadataProvider type="XML" |
uri="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-edugain+idp-metadata.xml" | uri="http://www.aai.dfn.de/metadata/dfn-aai-edugain+idp-metadata.xml" |
backingFilePath="dfn-aai-edugain+idp-metadata.xml" reloadInterval="3600"> | backingFilePath="dfn-aai-edugain+idp-metadata.xml" reloadInterval="3600"> |
<MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" /> | <MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" /> |
<file xml /etc/shibboleth/shibboleth2.xml> | <file xml /etc/shibboleth/shibboleth2.xml> |
<MetadataProvider type="XML" validate="true" | <MetadataProvider type="XML" validate="true" |
url="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-idp-metadata.xml" | url="http://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml" |
backingFilePath="dfn-aai-idp-metadata.xml" reloadInterval="3600"> | backingFilePath="dfn-aai-idp-metadata.xml" reloadInterval="3600"> |
<MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" /> | <MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" /> |