MDQT - A Metadata Query Tool

MDQT is a small library and command-line tool for querying MDQ services for SAML metadata. You can do this with curl, but it's a little more convenient to use mdqt instead.

At present mdqt does not verify signed metadata, so an extra step is required to use it securely. It is also not yet fully compliant with the MDQ client specification.

MDQ?

MDQ is a simple HTTP-based standard for looking up individual SAML entity metadata. Rather than regularly downloading large metadata aggregates containing thousands of entity descriptions, an IdP or SP can download the metadata for individual entities using MDQ when they are needed.

The UK Access Management Federation has a useful page explaining MDQ.

Installation

To add mdqt to a project, add this line to your application's Gemfile

gem 'mdqt'

and then execute:

$ bundle

To install system-wide on your default Ruby, use

$ sudo gem install mdqt

If using a per-user Ruby, such as one installed via rbenv or similar, you'll just need

$ gem install mdqt

Commandline Usage as an MDQ client

You can see a list of commandline options by typing

$ mdqt --help

Specifying the MDQ service with a commandline option

$ mdqt get --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth

It's more convenient to set an environment variable to specify a default MDQ service. Set MDQT_SERVICE or MDQ_BASE_URL to the base URL of your MDQ service.

Downloading entity metadata to STDOUT

$ mdqt get https://test-idp.ukfederation.org.uk/idp/shibboleth

Using SHA-1 hashed versions of entity IDs requires quotes or escaping, because the shell would otherwise interpret the braces

$ mdqt get "{sha1}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9"

$ mdqt get \{sha1\}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
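The {sha1} form used above is the prefix {sha1} followed by the hex SHA-1 digest of the exact entityID string. The Ruby sketch below is an added example, not mdqt's own code: it derives that identifier and the request URL an MDQ client would fetch. The function names are hypothetical, the /entities/ path and percent-encoding follow the MDQ protocol draft rather than anything stated on this page, and the https-only check is this example's own policy (TLS is the only integrity protection while signatures go unverified).

```ruby
require "digest"
require "erb"
require "uri"

# Shape of a transformed identifier: "{sha1}" plus 40 hex digits.
SHA1_ID = /\A\{sha1\}[0-9a-fA-F]{40}\z/

# "{sha1}" + lowercase hex SHA-1 of the entityID, byte for byte.
# A trailing slash or a case difference in the entityID gives a different digest.
def sha1_identifier(entity_id)
  "{sha1}#{Digest::SHA1.hexdigest(entity_id)}"
end

# Accept a plain entityID or an already transformed identifier.
# Anything that starts with "{sha1}" but is not 40 hex digits is rejected
# instead of being sent to the service as an opaque string.
def normalize_identifier(id, hashed: false)
  if id.start_with?("{sha1}")
    raise ArgumentError, "malformed {sha1} identifier: #{id.inspect}" unless id.match?(SHA1_ID)
    return id.downcase
  end
  hashed ? sha1_identifier(id) : id
end

# Build the request URL: base + "/entities/" + identifier encoded as ONE path
# segment, so "/" and ":" in an entityID and the braces are all percent-encoded.
def mdq_request_url(base_url, id, hashed: false)
  base = URI.parse(base_url)
  raise ArgumentError, "MDQ base URL must be https" unless base.is_a?(URI::HTTPS)
  segment = ERB::Util.url_encode(normalize_identifier(id, hashed: hashed))
  "#{base_url.chomp('/')}/entities/#{segment}"
end

if __FILE__ == $PROGRAM_NAME
  base = "https://mdq.example.com/mdq" # placeholder service from this page
  eid  = "https://test-idp.ukfederation.org.uk/idp/shibboleth"
  puts mdq_request_url(base, eid)
  puts mdq_request_url(base, eid, hashed: true)
  puts mdq_request_url(base, "{sha1}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9")
end
```
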

Requesting all metadata from an MDQ endpoint is done by specifying --all

$ mdqt get --all

Library Usage

Please don't! This gem is very early in development and the API is not stable. Later releases of this gem will provide a simple library to use in other Ruby applications.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/Digital-Identity-Labs/mdqt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.