Skip to Content.
Sympa Menu

metadata-support - RE: [Metadata-Support] New Incommon aggregate not refreshing

Subject: InCommon metadata support

List archive

RE: [Metadata-Support] New Incommon aggregate not refreshing


Chronological Thread 
  • From: "Alvarez, Dyana I" <>
  • To: "" <>
  • Subject: RE: [Metadata-Support] New Incommon aggregate not refreshing
  • Date: Mon, 24 Mar 2014 14:43:32 +0000
  • Accept-language: en-US

Hi,
Regarding your questions:
I think you're good to go. Did you obtain an authenticate copy of the new
metadata signing certificate?

https://spaces.internet2.edu/x/moHFAg


I obtained a copy of it, I didn't get the chance to push it to production but
since it's an optional step, I'll try to do it after March 29th.



Dyana Alvarez
Sr. Programmer
P: (305) 284-3521


-----Original Message-----
From:


[mailto:]
On Behalf Of Tom Scavo
Sent: Monday, March 24, 2014 9:27 AM
To:

Subject: Re: [Metadata-Support] New Incommon aggregate not refreshing

On Mon, Mar 24, 2014 at 8:52 AM, Dyana I Alvarez
<>
wrote:
>
> I made the link change in our Relying-Party on March 21st, and left
> our original set up to refresh at
>
> maxRefreshDelay="PT8H"
>
> with the link
> metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml";
>
> backingFile="c:\shibboleth-idp-238/metadata/InCommon-metadata.xml">

Sounds good. FWIW, we recommend you configure your process to refresh every
hour, as shown here: https://spaces.internet2.edu/x/XAQjAQ

> However, I've been checking to make sure it refreshes fine and that
> everything runs smoothly but I had not seen a refresh based on the
> InCommon-metadata.xml modified date which still reads 3/21/2014.

The last time we published an updated aggregate was Fri, 3/21, so what you're
seeing is what I would expect.

> Today is 3/24/2014 but it should
> refresh at a 8 hour rate, am I correct?

It *attempts* a refresh every 8 hours. If the aggregate has not been updated,
it short-circuits the refresh. This is called HTTP Conditional GET:
https://spaces.internet2.edu/x/44GVAQ

And in fact, this is why we recommend you set your refresh rate to one hour.
There is no penalty in doing so, but there is potential benefit if we happen
to sign metadata out of the blue for some reason.

> Could this be related to the new aggregate?

No, from what you've told me so far, everything is functioning as I'd expect.

> Please let me know how can I troubleshoot this ?

I think you're good to go. Did you obtain an authenticate copy of the new
metadata signing certificate?

https://spaces.internet2.edu/x/moHFAg

Tom



Archive powered by MHonArc 2.6.16.

Top of Page