Fornecedor de Identidade
1. Adicionar novo bloco com o novo link e referencia ao url:
<metadata:MetadataProvider id="URLMD2" xsi:type="metadata:FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
metadataURL="https://rctsaai-rr.fccn.pt/rr/signedmetadata/federation/RURVR0FJTg~~/metadata.xml"
backingFile="/opt/shibboleth-idp/metadata/edugain_metadata.xml"
minRefreshDelay="PT5M"
maxRefreshDelay="PT1H"
refreshDelayFactor="0.75" >
<metadata:MetadataFilter xsi:type="SignatureValidation" xmlns="urn:mace:shibboleth:2.0:metadata" trustEngineRef="shibboleth.RR-RCTSaaiMetadataTrustEngine" requireSignedMetadata="true" />
</metadata:MetadataProvider>
2. Adicionar após o bloco </security:Credential> a referencia ao certificado metadatasigner.pem
<security:TrustEngine id="shibboleth.RR-RCTSaaiMetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">
<security:Credential id="RCTSaaiFederationCredentials" xsi:type="security:X509Filesystem">
<security:Certificate>/opt/shibboleth-idp/credentials/metadatasigner.pem</security:Certificate>
</security:Credential>
</security:TrustEngine>
Fornecedor de Serviço
<MetadataProvider type="XML" uri="https://rctsaai-rr.fccn.pt/rr/signedmetadata/federation/RURVR0FJTg~~/metadata.xml" backingFilePath="/etc/shibboleth/rctsaai/edugain_metadata.xml" reloadInterval="60">
<MetadataFilter type="Signature" certificate="metadatasigner.pem"/>
</MetadataProvider>
Fornecedor de Identidade e Seviço
<?php
$config = array(
'sets' => array(
'edugain' => array(
'cron' => array('hourly'),
'sources' => array(
array( 'src' => 'https://rctsaai-rr.fccn.pt/rr/signedmetadata/federation/RURVR0FJTg~~/metadata.xml',
'certFingerprint' => '0b3b547d116b92d5f3008a3b4058e7a762f21d9d',
'certificate' => 'metadatasigner.pem', ),
),
'maxCache' => 60*60*24*4, // Maximum 4 days cache time.
'maxDuration' => 60*60*24*10, // Maximum 10 days duration on ValidUntil.
'outputDir' => 'metadata/edugain/',
'outputFormat' => 'flatfile',
),
)
);