I’m implementing a shibboleth IDP, the example shibboleth saml.config shibboleth entry is :
<PartnerServiceProvider Name=“<a href=“https://sp.testshib.org/shibboleth-sp””>https://sp.testshib.org/shibboleth-sp"
WantAuthnRequestSigned=“false”
SignSAMLResponse=“true”
SignAssertion=“false”
EncryptAssertion=“false”
AssertionConsumerServiceUrl=“”>https://sp.testshib.org/Shibboleth.sso/SAML2/POST"/>
this entry is for the test SP, for shibboleth your sp/idp will typically be part of a federation. Mine will be in the uk access management federation ( http://www.ukfederation.org.uk/ ) the federation manage and publish the metadata (daily for the uk federation) for the members of the federation. e.g. http://metadata.ukfederation.org.uk/ukfederation-metadata.xml
So my question is : can the ComponentSpace dll read the published federation meta-data - if so how do I configure that (location, frequency)? - if not then any hints on my manually reading the published xml and updating the SAMLConfiguration in code? The IDP also needs to support o365, google apps and some other SP’s so I still need a local saml.config.
Thanks,
Martin
We support reading SAML metadata and updating the saml.config from metadata using the ImportMetadata utility project.
However, the intention is for this to be done in a controlled manner as part of configuration setup.
We don’t directly support dynamic updating of SAML configuration on the fly in a production environment etc.
If this was required then you would need to load the SAML configuration programmatically (ie not using a saml.config file) and within your own code check for updates to the SAML metadata and update the SAML configuration accordingly.
However, I would be careful in doing this. Generally SAML configuration changes are infrequent and performed in a more controlled manner.