metadata-support - [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes
Subject: InCommon metadata support
List archive
- From: Brian Koehmstedt <>
- To: Shib Users <>
- Cc: "" <>
- Subject: [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes
- Date: Thu, 26 Jun 2014 14:48:36 -0700
On 6/26/2014 2:41 PM, Tom Scavo wrote:
On Thu, Jun 26, 2014 at 5:15 PM, Brian KoehmstedtThanks Tom. I was unaware of the Conditional GET support. I'll switch to FileBackedHTTPMetadataProvider to see if that clears up this problem.
<>
wrote:
On 6/26/2014 2:00 PM, Tom Scavo wrote:That's good.
What URL are you refreshing from? Are you verifying the signature onRefreshing from http://md.incommon.org/InCommon/InCommon-metadata.xml.
the metadata?
Am I verifying the signature? No. (Point taken that it's desirable toMore than desirable, it's a security issue, but I'll say no more...
do so.)
Why am I using FilesystemMetadataProvider instead ofPeople are funny about that, aren't they? ;-)
FileBackedHTTPMetadataProvider?
Well, here's the deal:
I've discovered that sometimes service providers will update something
critical in the metadata and expect me to update immediately when they
do so (or when InCommon pushes it out).
If I set a 15 minute interval on FileBackedHTTPMetadataProvider, that'sThat's why most people use a smart metadata client (like Shibboleth)
downloading 10MB every 15 minutes. Surely if all the IdPs did this,
you'd be not so happy with us.
because it supports HTTP Conditional GET.
(https://spaces.internet2.edu/x/44GVAQ)
But perhaps you encourage it after all.It's documented on the Metadata Consumption page
(Here's my chance to find out! What's your recommended interval?)
(https://spaces.internet2.edu/x/JwQjAQ) and the previously referenced
Shibboleth Metadata Config page: one hour.
My intention was to be a good net citizen.That's appreciated but in this case your concern is unfounded.
I find that by using FilesystemMetadataProvider, if a service providerNone of that is necessary. Just configure your IdP as documented in
demands we update metadata immediately, I can do so manually, then rely
on a 15 minute interval from FilesystemMetadataProvider to find the new
data in short order, without having to actually redownload 10MB from you
all throughout the day.
the wiki and you should be good to go.
Tom
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Brian Koehmstedt, 06/26/2014
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Tom Scavo, 06/26/2014
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Brian Koehmstedt, 06/26/2014
- <Possible follow-up(s)>
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Brian Koehmstedt, 06/27/2014
- [Metadata-Support] Re: Occasional problem with InCommon metadata refreshes, Tom Scavo, 06/26/2014
Archive powered by MHonArc 2.6.16.