metadata-support - [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes
Subject: InCommon metadata support
List archive
- From: Brian Koehmstedt <>
- To: <>
- Cc: <>
- Subject: [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes
- Date: Thu, 26 Jun 2014 14:15:02 -0700
On 6/26/2014 2:00 PM, Tom Scavo wrote:
Followups toRefreshing from http://md.incommon.org/InCommon/InCommon-metadata.xml.
,
please.
https://lists.incommon.org/sympa/info/metadata-support
On Thu, Jun 26, 2014 at 4:20 PM, Brian Koehmstedt
<>
wrote:
<metadata:MetadataProvider id="IdPMD"Hmm, why don't you use the Shib IdP itself to download, verify, and
xsi:type="metadata:FilesystemMetadataProvider"
metadataFile="/local/users/shib/cvs/shibboleth/conf/incommon/InCommon-metadata.xml"
maxRefreshDelay="PT15M" />
And we have a crontab that runs at 1am every night that downloads the
metadata file to a temp location and once the download is complete,
moves it to
/local/users/shib/cvs/shibboleth/conf/incommon/InCommon-metadata.xml.
otherwise process the metadata? See this wiki page for a complete
example: https://spaces.internet2.edu/x/XAQjAQ
What URL are you refreshing from? Are you verifying the signature on
the metadata?
Am I verifying the signature? No. (Point taken that it's desirable to do so.)
Why am I using FilesystemMetadataProvider instead of FileBackedHTTPMetadataProvider?
Well, here's the deal:
I've discovered that sometimes service providers will update something critical in the metadata and expect me to update immediately when they do so (or when InCommon pushes it out).
If I set a 15 minute interval on FileBackedHTTPMetadataProvider, that's downloading 10MB every 15 minutes. Surely if all the IdPs did this, you'd be not so happy with us. But perhaps you encourage it after all. (Here's my chance to find out! What's your recommended interval?) My intention was to be a good net citizen.
I find that by using FilesystemMetadataProvider, if a service provider demands we update metadata immediately, I can do so manually, then rely on a 15 minute interval from FilesystemMetadataProvider to find the new data in short order, without having to actually redownload 10MB from you all throughout the day.
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Brian Koehmstedt, 06/26/2014
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Tom Scavo, 06/26/2014
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Brian Koehmstedt, 06/26/2014
- <Possible follow-up(s)>
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Brian Koehmstedt, 06/27/2014
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Tom Scavo, 06/26/2014
Archive powered by MHonArc 2.6.16.