Extensions to MDQ

pyFF tracks https://datatracker.ietf.org/doc/draft-young-md-query/ but adds a couple of extensions that have become useful:

webfinger

pyFF implements RFC7033 - aka webfinger. The pyFF server responds to a webfinger query by returning a JSON-representation of all available resources in the active database. This allows a caller to iterate over all resources (eg to mirror an MDQ structure).

Example

The following example assumes a pyFF instance running on port 8000 and that the tool jq is installed.

$ curl -s http://localhost:8000/.well-known/webfinger | jq
{
  "subject": "http://localhost:8000",
  "expires": ...,
  "links": [
    {
      "rel": "disco-json",
      "href": "http://localhost:8000/entities/"
    },
    {
      "rel": "urn:oasis:names:tc:SAML:2.0:metadata",
      "href": "http://localhost:8000/entities/"
    }
# ... many more entities ...
  ]
}

By providing the rel parameter (either set to disco-json or urn:oasis:names:tc:SAML:2.0:metadata it is possible to limit the type of links returned. In the scripts directory a tool mirror-mdq.sh uses this API to mirror an MDQ server to a remote location. This tool is useful to publish a static copy of the resources in a pyFF instance.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Extensions to MDQ

webfinger

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally