Your IdP holds a local version of its metadata which is, on occasion, obtained directly by service providers. Whenever you change some aspect of your IdP, you should update this local version of your metadata to ensure service providers that use this metadata will continue to operate. Changes may include, but are not limited to:


  • Replacing the IdP's signing, encryption or back-channel certificates;
  • Adding, changing or removing published end points;
  • Changes to contact details;
  • etc...


The simplest way to update the metadata is to take a copy of the IdP metadata from the AAF Federation Registry and use it to replace the file /opt/shibboleth/shibboleth-idp/current/metadata/idp-metadata.xml.


To find the IdP's metadata in the AAF Federation Registry, you must first log in (ensure you log in to the correct environment). If you administer the IdP, then it should be listed on your dashboard. If not, you will need to View All IdPs and search for your IdP.


After finding your IdP, select the SAML tab, then the Metadata tab. Click ‘Load’ to see the metadata for your IdP. Copy everything within the box to a file on your server. Use this file to overwrite the local version of your metadata.


You can always edit your local version by hand, but this may cause issues if not done carefully.
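
Before overwriting the local file, whether with a copy from the Federation Registry or a hand-edited version, it helps to confirm that the new text is complete and belongs to this IdP. The Python script below is an added example, not part of the AAF documentation or tooling; the function names, the entityID `https://idp.example.edu/idp/shibboleth` and the embedded sample metadata are constructed assumptions.

```python
import os, shutil, tempfile, time
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed sample standing in for the text copied from the registry.
SAMPLE = f"""<EntityDescriptor xmlns="{MD[1:-1]}" xmlns:ds="{DS[1:-1]}"
    entityID="https://idp.example.edu/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIC-constructed-placeholder</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_metadata(xml_text, expected_entity_id):
    """Return a list of problems; an empty list means the copy looks complete."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # truncated or partial copy/paste
        return [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    if root.get("entityID") != expected_entity_id:  # wrong IdP or environment
        problems.append(f"entityID is {root.get('entityID')!r}")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        return problems + ["no IDPSSODescriptor"]
    if not any((c.text or "").strip() for c in idp.iter(DS + "X509Certificate")):
        problems.append("no X509Certificate under IDPSSODescriptor")
    if idp.find(MD + "SingleSignOnService") is None:
        problems.append("no SingleSignOnService endpoint")
    return problems

def install_metadata(xml_text, target, expected_entity_id):
    """Validate, back up the existing target file, then replace it atomically."""
    problems = check_metadata(xml_text, expected_entity_id)
    if problems:
        raise ValueError("; ".join(problems))
    backup = f"{target}.{time.strftime('%Y%m%d%H%M%S')}.bak"
    shutil.copy2(target, backup)  # keep the previous version for rollback
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(target) or ".")
    shutil.copymode(target, tmp)  # keep the file mode the IdP process relies on
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(xml_text)
    os.replace(tmp, target)  # readers never see a half-written file
    return backup
```

The replacement file is owned by whoever runs the script, so run it as the account that owns the existing metadata file or restore the ownership afterwards.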