IdP 2.1.x hangs if the metadata provider drops connections
Roberto Benedetti
r.benedetti at cineca.it
Fri Nov 11 14:37:50 GMT 2011
hello to everyone.
we recently experienced a problem on a far-to-be-recent IdP instance
(2.1.5) configured with "FileBackedHTTPMetadataProvider".
the IdP hanged (i.e. no web-pages served, no actions performed, no logs
at all) when, trying to access the configured URL, it was unable to
fetch the metadata. during that incident, we saw that restarting the IdP
had no effect and the only solution was commenting out that particular
source and restarting the IdP.
we then ran a few tests and saw that
a) simulating a standard failure with an iptables REJECT rule, the IdP
worked properly (making use of the backup metadata);
b) simulating a network failure with an iptables DROP rule, we were able
to reproduce the problem;
c) configuring the "requestTimeout" parameter did not make any
difference (probably the timeout starts after the connection has been
established - and in a DROPped connection it never starts the countdown)
* is this the normal behaviour?
* would upgrading to a more recent IdP version solve the problem?
* is there any workaround we could apply (e.g. downloading metadata
files via a scheduled job and configuring the IdP for
"FilesystemMetadataProvider" ala' IdP-1.3)?
thanks for your support,
roberto benedetti
More information about the users
mailing list