The InCommon Metadata Distribution Service (MDQ Service) facilitates secure and trusted exchange of critical organizational identity, service location/capability, and contact information among identity providers and service providers.
Find and retrieve metadata for identity providers and service providers in InCommon and R&E federations around the world using the InCommon Metadata Distribution Service.
Working with the metadata service
Production environment
Configure your software to use InCommon metadata in production.
- Locating the production metadata
- Configure Shibboleth identity provider
- Configure Shibboleth service provider
- Prefetch an entity with Shibboleth
- Configure other software
- Metadata signing key for the Production environment
Preview environment
The "preview" MDQ Service environment allows you to validate your service against upcoming changes to the MDQ Service.
Preview environment status: the preview environment current mirrors the production environment.
- Locating the preview metadata
- Configure Shibboleth IdP for Preview MDQ environment
- Prefetch an entity with Shibboleth in the Preview MDQ environment
- Configure other software
- Metadata signing key for the Preview environment
References
Find out the latest features and changes to the MDQ Service.
- Measure MDQ performance
- Metadata Query Protocol
- Legacy metadata aggregates
- Tagging Per-Entity Metadata (for release policies, etc)
Other Federation topics
Happenings
Keeping everyone safe - we are moving legacy metadata signing online.
To comply with the State of Michigan's limited shelter-in-place/stay-at-home executive order, we are replacing our in-person metadata signing process used to sign the legacy metadata aggregate with a secure cloud-based signing process, originally developed for MDQ. To learn more, read on.
Additional Resources
Want to see how adopting the MDQ metadata service affects your system's performance?
Here is an in-use memory graph at the moment a university switched to using MDQ in its production IDP servers:
Great results from a Service Provider:
"We were able to switch to using MDQ. The service restarts in 5 seconds now versus 15 minutes."
Service Level Objectives
The production endpoints of this service are designed to meet the following requirements on a best-effort basis:
- 99.9% availability
- <= 200ms per request from clients on the Internet2 network
- Metadata validity window of no less than 5 business days (metadata is valid for 14 days, but may be signed infrequently over extended holiday periods)
- You can see the status of InCommon services on our status dashboard
It's worth noting that since launch, both the technology preview and production environments have had 100% availability.