IdP Metadata Consumption
A Grid SP now consumes multiple IdP metadata instances containing either an EntityDescriptor element or an EntitiesDescriptor element of multiple EntityDescriptor elements (or recursively more EntitiesDescriptor elements). For more information, see IdP Metadata Production.
The EntityDescriptor element describes a GridShib-enabled Attribute Authority (see the IdP metadata template distributed with GridShib).
After reading in all metadata files, the SP has a collection of AA data, each derived from an EntityDescriptor element. How the SP dynamically picks the appropriate Attribute Authority to query is out of scope of this page. Once picked, only information derived from within one of the EntityDescriptor elements will be used for that particular query.
/EntityDescriptor/@entityID
entityID is the IdP providerId. This is used for /Request/AttributeQuery/Subject/NameIdentifier/@NameQualifier, and the returned assertions must have this as issuer to be considered valid.
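An added example, not GridShib's own code: the consumption steps above in Python, from recursive collection of EntityDescriptor elements to the issuer check on a returned assertion. The sample metadata is constructed, and the SAML 2.0 metadata namespace, the function names and the rejection of duplicate entityID values are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Assumption: metadata uses the SAML 2.0 metadata namespace.
NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ENTITY, ENTITIES = f"{{{NS}}}EntityDescriptor", f"{{{NS}}}EntitiesDescriptor"

# Constructed sample files: a bare EntityDescriptor and a nested EntitiesDescriptor.
FILE_A = f'<EntityDescriptor xmlns="{NS}" entityID="https://idp-a.example.org/shibboleth"/>'
FILE_B = f"""<EntitiesDescriptor xmlns="{NS}">
  <EntityDescriptor entityID="https://idp-b.example.org/shibboleth"/>
  <EntitiesDescriptor>
    <EntityDescriptor entityID="https://idp-c.example.org/shibboleth"/>
  </EntitiesDescriptor>
</EntitiesDescriptor>"""

def _walk(elem, table):
    """Collect EntityDescriptor elements, recursing through EntitiesDescriptor."""
    if elem.tag == ENTITY:
        entity_id = elem.get("entityID")
        if not entity_id:
            raise ValueError("EntityDescriptor without entityID")
        if entity_id in table:
            # This example's choice; the page does not say how duplicates are handled.
            raise ValueError(f"duplicate entityID: {entity_id}")
        table[entity_id] = elem
    elif elem.tag == ENTITIES:
        for child in elem:
            _walk(child, table)

def load_aa_table(documents):
    """Read every metadata document into one entityID -> EntityDescriptor table."""
    table = {}
    for doc in documents:
        root = ET.fromstring(doc)  # assumes locally installed, trusted metadata files
        if root.tag not in (ENTITY, ENTITIES):
            raise ValueError(f"unexpected metadata root: {root.tag}")
        _walk(root, table)
    return table

def query_context(table, entity_id):
    """Per-query values, all taken from the single chosen EntityDescriptor."""
    chosen = table[entity_id].get("entityID")
    return {"name_qualifier": chosen, "expected_issuer": chosen}

def issuer_valid(ctx, assertion_issuer):
    """Accept a returned assertion only if its issuer is the queried AA's entityID."""
    return assertion_issuer == ctx["expected_issuer"]
```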
(partial page)