A problem with metadata:FilesystemMetadataProvider

Marco Malavolti marco.malavolti at garr.it
Tue Aug 12 09:59:08 EDT 2014


Update:

The "http://www.example.it/metadata/metadata-sha256.xml" has a new 
validUntil value, but the backingFile is not updated.

I have tried these steps:
1) Removed the metadata-sha256.xml from its location.
2) Restarted Tomcat7
3) Removed again the new metadata-sha256.xml from its location.
4) I have waited for the new refresh cycle to see what happens and I see the 
"Log" that I have attached here.

I have used the same MetadataProvider configuration with a different 
HTTP URL where I have uploaded the metadata-sha256.xml file and it works.

I begin to think that the problem can be on the retrieving URL, but I 
don't understand why, with a Tomcat restart, the metadata is updated 
correctly.

Thank you for all the help that you have given to me.

I appreciate it very much.

Best Regards,
Marco
------------------------------------------------------------

Config:
<!-- Metadata Refresh Period
minRefreshDelay == every 5 minutes (default value)
maxRefreshDelay == every 4 hours (default value) -->

<metadata:MetadataProvider id="URLMD-Federation"
    xsi:type="metadata:FileBackedHTTPMetadataProvider"
    metadataURL="http://www.example.it/metadata/metadata-sha256.xml"
    backingFile="/opt/shibboleth-idp/metadata/metadata-sha256.xml">

    <metadata:MetadataFilter xsi:type="metadata:ChainingFilter">
        <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
            trustEngineRef="shibboleth.MetadataTrustEngine"
            requireSignedMetadata="true" />
        <metadata:MetadataFilter xsi:type="EntityRoleWhiteList">
            <metadata:RetainedRole>samlmd:SPSSODescriptor</metadata:RetainedRole>
        </metadata:MetadataFilter>
    </metadata:MetadataFilter>
</metadata:MetadataProvider>

</metadata:MetadataProvider>

Log:
10:58:58.125 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:253] - Beginning refresh of metadata from 'http://www.example.it/metadata/metadata-sha256.xml'
10:58:58.126 - DEBUG [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:249] - Attempting to fetch metadata document from 'http://www.example.it/metadata/metadata-sha256.xml'
10:58:58.145 - DEBUG [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:254] - Metadata document from 'http://www.example.it/metadata/metadata-sha256.xml' has not changed since last retrieval
10:58:58.145 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:257] - Metadata from 'http://www.example.it/metadata/metadata-sha256.xml' has not changed since last refresh
10:58:58.146 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:327] - Computing new expiration time for cached metadata from 'http://www.example.it/metadata/metadata-sha256.xml
10:58:58.193 - INFO [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:276] - Next refresh cycle for metadata provider 'http://www.example.it/metadata/metadata-sha256.xml' will occur on '2014-08-12T11:58:58.142Z' ('2014-08-12T13:58:58.142+02:00' local time)

--------------------------------------------------------------------------------------------------------------

On 11/08/14 17:00, Cantor, Scott wrote:
> On 8/11/14, 10:52 AM, "Marco Malavolti" <marco.malavolti at garr.it> wrote:
>
>> Yes, I have set these so low in order to reproduce the issue more
>> quickly, but I have the same problem with the default configuration
>> values:
>> - minRefreshDelay="PT5M"
>> - maxRefreshDelay="PT4H"
> Then your file has a last-modified value that's older than every time it
> runs a check. Trust me, it works, so the only way it's not working is if
> you're essentially forcibly causing the race condition every time. Your
> tests won't mean anything unless you keep the timestamp on the file new
> enough to trigger a load.
>
> What you want is for the file time to be essentially the exact time you
> update the file, not the actual time the file was last changed at the
> source.
>
> Basically, either change your file update process, or switch to the HTTP
> versions.
>
>
> -- Scott
>

-- 
Marco Malavolti
Consortium GARR - Servizio IDEM GARR AAI
Via dei Tizii, 6 - I-00185 Roma
CF 97284570583 – PI 07577141000
skype: marco.mala
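
The file-timestamp advice quoted above, as an added example that is not part of the original thread and is not Shibboleth or OpenSAML code: it contrasts a timestamp-preserving copy with an atomic install that stamps the file with the update time. `would_reload` is an assumed, simplified model of a last-modified check, and the file names and contents are constructed.

```python
import os
import shutil
import tempfile
import time


def would_reload(path, last_check):
    # Assumed, simplified model of a last-modified check: reload only when
    # the file's mtime is newer than the previous check.
    return os.stat(path).st_mtime > last_check


def install_metadata(fetched_path, target_path):
    """Atomically replace target_path, stamped with the update time."""
    target_dir = os.path.dirname(os.path.abspath(target_path))
    fd, tmp = tempfile.mkstemp(dir=target_dir, prefix=".md-")
    try:
        with os.fdopen(fd, "wb") as out, open(fetched_path, "rb") as src:
            shutil.copyfileobj(src, out)
            out.flush()
            os.fsync(out.fileno())
        os.chmod(tmp, 0o644)          # mkstemp creates the file as 0600
        os.utime(tmp, None)           # mtime = now, not the source's time
        os.replace(tmp, target_path)  # readers never see a partial file
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return os.stat(target_path).st_mtime


def demo():
    with tempfile.TemporaryDirectory() as d:
        fetched = os.path.join(d, "fetched.xml")
        target = os.path.join(d, "metadata-sha256.xml")
        with open(fetched, "wb") as f:  # constructed sample content
            f.write(b'<EntitiesDescriptor validUntil="2014-08-20T00:00:00Z"/>')
        source_time = time.time() - 86400       # changed at source a day ago
        os.utime(fetched, (source_time, source_time))
        last_check = time.time() - 300          # previous check 5 minutes ago
        shutil.copy2(fetched, target)           # copy2 keeps the source mtime
        preserved = would_reload(target, last_check)
        install_metadata(fetched, target)
        fresh = would_reload(target, last_check)
        return preserved, fresh


if __name__ == "__main__":
    print(demo())
```
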

