Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] Did something happen Friday, Sept 15 3-5pm?

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] Did something happen Friday, Sept 15 3-5pm?


Chronological Thread 
  • From: Shannon Roddy <>
  • To:
  • Subject: Re: [Metadata-Support] Did something happen Friday, Sept 15 3-5pm?
  • Date: Fri, 22 Sep 2017 13:15:44 -0400
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:onM73BCDOe/mK8L0eALFUyQJP3N1i/DPJgcQr6AfoPdwSPX4pcbcNUDSrc9gkEXOFd2CrakV26yO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fdbghMhzexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Xymp4aV2Rx/ykCoJKiA38G/XhMJzgqxUrh2uqB5jzIDbYYGYL+Z+c6DHcN8GWWZMUMRcWipcCY28dYsPCO8BMP5FoYn9vVQOqx2+BQ6qBOjy1jFIgWL50rA60u88FgzGxxYgH9UTv3vJrNT4L6YSUeapzKbW1zXDae1Z2Svj5ITSbB8uvOyMUKt2fMHMx0cvEAbFgU+RqYzjJz6V1+INvHSc7+plUOKvjGgnpxt2oji1ycchjJTCiIENyl3c6Cl13Ik4Kce3RUN5e9KpH4dcuzuHO4dqXM8uW39ktScmxrEbvJO2eCsHx44iyhPQZfGLb5SE7xfgWeufITp0mHdodKyiiBqu8kWtz+3xW8qo31lRqydIkNjBum4R2BHW9MeHRP9w8Vyn1D2SzQ7c8PtELloxlafDK54u3Lowlp0LvErbAiL4n1n6gaGPekg64+ak9v3rYrL9qZCCLYN0jRz+Mrg1lcy4HOQ4NBUBU3KD+eSm073j4VP2T6lWjv03lanZtorWJcMGpq6lBw9V1YEj6xWlAzi619QYmGELLFNDeB2Zk4jkI0zCLOz3APuljFmhki1nyv/aMrH7H5nBMmbPnK/kfbln6k5czAQzzcpY55JRErwBO+jzWkjsu9PFDh40KA20w+D7CNpjzIMeX3yAArOHPK/Ir1CH+/8vL/GWZIAJoDb9N+Ql5/n2gH84n18SYa6p3Z4SaHC/GPRqOUKZYWDjgtsYFGcFoBY+Q/b3h1KYTT5cfW++X7kh5jEjEIKmCp3DRpy2jbyF3Se7BYFWZntYBlyWEHfocZmEVOkWaCKUPMBhjiIIWaK/RIA8yBH9/DP9nr9qMuPY8zER8In+zMBy/fH7lBc58jlxCMLb1HuCHE9umWZdfD8/2qZ4pwRHzVuPwOAsmOZfGdBCz/JPTgogM5PAlap3B82kCVGJRcuAVFvzGobuOjo2VN9km9I=
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hi Gerry,

A couple of questions.

- Do you show later in your logs the next time the metadata was
successfully downloaded?
- Is there a proxy configured for 10.110.29.20 or does it just rely on
NAT for external HTTP connections?

Thanks,
Shannon


On 9/21/17 12:12 PM, Hall, Gerry wrote:
> I experienced the same issue with several SP’s for which the source of
> metadata is the InCommon aggregate file from about 3:28 PM until about 7:18
> PM on this past Friday 15 September. Unfortunately, I was not made aware
> of the issue until the next day Saturday by which the issue was resolved.
> I nor anyone on my team made any changes nor did we take any corrective
> action. Also, as the initial email indicates, the issue only affected
> SP’s for which we rely on the InCommon aggregate file for as a source of
> metadata.
>
> The IdP logs had erros like the following:
>
> 10.110.29.20|2017-09-15 03:27:27,382 - ERROR
> [org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver:313] -
> Metadata Resolver FileBackedHTTPMetadataResolver InCommonMD: Error
> retrieving metadata from
> http://md.incommon.org/InCommon/InCommon-metadata.xml
> org.apache.http.conn.HttpHostConnectException: Connect to
> md.incommon.org:80 [md.incommon.org/163.253.32.9] failed: Connection refused
> 10.110.29.20|2017-09-15 03:27:27,382 - WARN
> [org.opensaml.saml.metadata.resolver.impl.FileBackedHTTPMetadataResolver:295]
> - Metadata Resolver FileBackedHTTPMetadataResolver InCommonMD: Problem
> reading metadata from remote source; detected existing cached metadata,
> skipping load of backup file
>
> On 9/21/17, 11:47 AM,
> "
> on behalf of Cantor, Scott"
> <
> on behalf of
> >
> wrote:
>
> On 9/21/17, 8:42 AM,
> "
> on behalf of
> "
>
> <
> on behalf of
> >
> wrote:
>
> > I ended up downloading a new InCommon metadata file and restarting
> our IdP
> > (since just restarting didn't change anything.) That was around 5pm
> and
> > appeared to fix it. I was just wondering if I had actually fixed it,
> or it
> > was just a coincidence that it started working again.
>
> As a matter of simple functional explanation, you cannot correct a
> problem that may exist in your IdP's metadata by changing the metadata your
> idP uses. Your IdP doesn't consume its own metadata.
>
> If the problem was in an SP's metadata, then obviously reloading it and
> changing the metadata the IdP uses is a very different matter.
>
> What seems more likely is that your system broke in some way and
> restarting it corrected that.
>
> -- Scott
>
>
>
>
>
> ________________________________
>
> This e-mail message (including any attachments) is for the sole use of
> the intended recipient(s) and may contain confidential and privileged
> information. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution
> or copying of this message (including any attachments) is strictly
> prohibited.
>
> If you have received this message in error, please contact
> the sender by reply e-mail message and destroy all copies of the
> original message (including attachments).
>



Archive powered by MHonArc 2.6.19.

Top of Page