IdP Metadata Consumption

A Grid SP now consumes multiple IdP metadata instances, each containing either an EntityDescriptor element or an EntitiesDescriptor element holding multiple EntityDescriptor elements (or, recursively, more EntitiesDescriptor elements). For more information, see IdP Metadata Production.

The EntityDescriptor element describes a GridShib-enabled Attribute Authority (see the IdP metadata template distributed with GridShib).

After reading in all metadata files, the SP has a collection of AA data, each item derived from an EntityDescriptor element. How the SP dynamically picks the appropriate Attribute Authority to query is out of scope of this page. Once picked, only information derived from within one of the EntityDescriptor elements will be used for that particular query.

  • /EntityDescriptor/@entityID

entityID is the IdP providerId. This is used for

/Request/AttributeQuery/Subject/NameIdentifier/@NameQualifier

and the returned assertions must have this as issuer to be considered valid.
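
The recursive collection and the issuer check described above, as an added Python example (not GridShib code). The namespaces, the SAML 1.x `Issuer` attribute on `Assertion`, the function names and the example.org entity IDs are assumptions; the sample documents are constructed and reduced to the attributes used here.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"      # assumed metadata namespace
SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"  # assumed assertion namespace

# Constructed sample inputs (example.org names are placeholders).
NESTED = f"""<EntitiesDescriptor xmlns="{MD}">
  <EntityDescriptor entityID="https://idp-a.example.org/shibboleth"/>
  <EntitiesDescriptor>
    <EntityDescriptor entityID="https://idp-b.example.org/shibboleth"/>
  </EntitiesDescriptor>
</EntitiesDescriptor>"""
SINGLE = f'<EntityDescriptor xmlns="{MD}" entityID="https://idp-c.example.org/shibboleth"/>'
ASSERTION = f'<Assertion xmlns="{SAML1}" Issuer="https://idp-b.example.org/shibboleth"/>'


def collect_entities(node, found):
    """Walk one metadata tree, recording entityID -> EntityDescriptor element."""
    if node.tag == f"{{{MD}}}EntityDescriptor":
        entity_id = node.get("entityID")
        if not entity_id:
            raise ValueError("EntityDescriptor without entityID")
        if entity_id in found:
            # Choice made in this example: reject duplicates so that each
            # query draws on exactly one EntityDescriptor element.
            raise ValueError(f"duplicate entityID {entity_id!r}")
        found[entity_id] = node
    elif node.tag == f"{{{MD}}}EntitiesDescriptor":
        for child in node:  # children may be further EntitiesDescriptor elements
            collect_entities(child, found)
    return found


def load_metadata(documents):
    """Merge several metadata instances into one entityID -> element map."""
    found = {}
    for doc in documents:
        collect_entities(ET.fromstring(doc), found)
    return found


def issuer_matches(assertion_xml, picked_entity_id):
    """True only if the assertion's Issuer equals the queried AA's entityID."""
    root = ET.fromstring(assertion_xml)
    return root.tag == f"{{{SAML1}}}Assertion" and root.get("Issuer") == picked_entity_id


if __name__ == "__main__":
    aas = load_metadata([NESTED, SINGLE])
    picked = "https://idp-b.example.org/shibboleth"  # how the AA is picked is out of scope
    print("NameQualifier for query:", picked)
    print("issuer ok:", issuer_matches(ASSERTION, picked))
```

The issuer comparison is an exact string match against the entityID of the Attribute Authority that was queried, not against any entityID present in the loaded metadata.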

(partial page)