...
| Table of Contents | ||
|---|---|---|
|
...
Launch Schedule
10/23/23 - Site Administrator Announcement Email
11/07/23 - Metadata Health Check Email
11/08/23 - Launch of Metadata Health feature
...
What is Metadata Health?
- Metadata health is determined through scans to see if published metadata elements are alive, reachable, and where applicable, meet appropriate encryption requirements. Elements assessed are published metadata contacts, URLs (Privacy Statement, Logo, Error), and TLS endpoints.
Where to find the new Metadata Health Page?
- From the Site Administrator Dashboard, click into an Identity Provider or Service Provider
- Click ‘Metadata Health’ tab on the left menu bar
Entity Checker
What is the Entity Checker i.e what metadata information does it scan, and how does an entity get scanned?
- Contacts
- Contact Health scans are currently separated from entity scans and will be conducted in a biannual batch process
- URLs
- Privacy Statement URL (User Interface Elements)
- Logo URL (User Interface Elements)
- Error URL (IdPs only)
- TLS endpoints (IdP or SP SSO Settings)
- The entity checker scans elements of an entity’s published metadata (as described above) on a scheduled and on-demand basis
- Contacts
What is scheduled and on-demand scanning?
- Scheduled entity scans run periodically to scan all entities while prioritizing recently published entities
- One entity check (URLs and TLS) will complete in approximately 10 minutes
- Contact Health scans are currently separated from entity scans and will be conducted in a biannual batch process
When should a Site Administrator initiate an on-demand scan?
- Because scans check published metadata, an Site Administrator should initiate a scan no sooner than 1 hour after their last published changes (Metadata signing process)
How often can an Site Administrator initiate a new scan?
- A Site Administrator can initiate a per entity scan once every 6 hours30 minutes
Contact Health Status
What is Contact Health scanning?
- Published metadata contacts are scanned to check if they are alive and reachable.
What does the status (Healthy, Unhealthy, or No Status) in the Contact Health column mean?
- Healthy - An email delivery attempt to the address on record succeeded
- Unhealthy - An email delivery attempt to the address on record resulted in a hard bounce
- No Status - The email address has not yet been scanned
Clicking the Contact Name will take the Site Administrator to the contacts tab
URL Health Status
What is URL Health scanning?
- Published metadata URLs are scanned to check if they are alive and reachable.
What does the status (Healthy, Unhealthy, No Status) in the URL Health column mean?
- Healthy - An attempt to reach the URL returned a 200, 304, or resolved in 5 or less redirects
- Unhealthy - An attempt to reach the URL did not return a 200, 304, or exceeded 5 redirects to resolve
- No Status - The URL has not yet been scanned
What do the status codes in the Reason column mean?
- Click here to find out more about the status codes (HTTP responses status codes)
Clicking the URL Type will take the Site Administrator to the corresponding URL tab
TLS Endpoint Encryption Scores
...
- Links to resources and articles
Brief explanation of what is a current score vs the trend report of scores (previous scores)
- An entity’s current score will be shown at the top of the list, followed by all the recently recorded scores for reference
- An entity’s TLS score at a certain point in time reflects what was published and subsequently scanned at that time
Clicking the current score will take the Site Administrator to the IdP/SP SSO Settings tab
HTTP Status Codes
...