Skip to Content.
Sympa Menu

metadata-support - [Metadata-Support] significant slowdown in XML Signature validation

Subject: InCommon metadata support

List archive

[Metadata-Support] significant slowdown in XML Signature validation


Chronological Thread 
  • From: Jeffrey Eaton <>
  • To: "" <>
  • Subject: [Metadata-Support] significant slowdown in XML Signature validation
  • Date: Tue, 16 Feb 2016 19:25:14 +0000
  • Accept-language: en-US

With the new eduGAIN containing metadata, we’re seeing a significant slowdown
in the time it takes shibd to start up, and this appears to be in the
signature validation step.

Prior to the eduGAIN change, the file could be loaded and processed in about
4-5 seconds. Today, we’re seeing it take nearly 2 minutes. While I
expected some slowdown, I did not expect 30x slowdown for a file which
changed in size by less than 2x.

Of course, the slowdown means that the init.d scripts (on RedHat) now
complain about failure unless you significantly boost the SHIBD_WAIT setting
from its default of 30 seconds.

Is there anything that anyone is aware of which can be done to improve the
shibd loading time? Is this just going to be a fact of life for the future?

As an aside, the metadata diffs on
https://wayf.incommonfederation.org/metadata-diff/prod-prod/?C=M;O=D do not
actually correspond to the current metadata. There’s no diff published which
contains the eduGAIN change that I can see. It looks like one release was
done as INC20160215T170723 (the newest patch), then another as
INC20160215T173843 (with no patch).

Thanks,

-jeaton




Archive powered by MHonArc 2.6.16.

Top of Page