A problem with metadata:FilesystemMetadataProvider
Marco Malavolti
marco.malavolti at garr.it
Tue Aug 12 09:59:08 EDT 2014
Update:
The "http://www.example.it/metadata/metadata-sha256.xml" has a new
validUntil value, but the backingFile is not updated.
I have tried these steps:
1) Removed the metadata-sha256.xml from its location.
2) Restarted Tomcat7
3) Removed again the new metadata-sha256.xml from its location.
4) I have waited for the new refresh cycle to see what happens, and I see the
"Log" that I have attached here.
I have used the same MetadataProvider configuration with a different
HTTP URL where I have uploaded the metadata-sha256.xml file and it works.
I begin to think that the problem can be on the retrieving URL, but I
don't understand why, with a Tomcat restart, the metadata is updated
correctly.
Thank you for all the help that you have given me.
I appreciate it very much.
Best Regards,
Marco
------------------------------------------------------------
Config:
<!-- Metadata Refresh Period
     minRefreshDelay == every 5 minutes (default value)
     maxRefreshDelay == every 4 hours (default value) -->
<metadata:MetadataProvider id="URLMD-Federation"
        xsi:type="metadata:FileBackedHTTPMetadataProvider"
        metadataURL="http://www.example.it/metadata/metadata-sha256.xml"
        backingFile="/opt/shibboleth-idp/metadata/metadata-sha256.xml">
    <metadata:MetadataFilter xsi:type="metadata:ChainingFilter">
        <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
                trustEngineRef="shibboleth.MetadataTrustEngine"
                requireSignedMetadata="true" />
        <metadata:MetadataFilter xsi:type="EntityRoleWhiteList">
            <metadata:RetainedRole>samlmd:SPSSODescriptor</metadata:RetainedRole>
        </metadata:MetadataFilter>
    </metadata:MetadataFilter>
</metadata:MetadataProvider>
</metadata:MetadataProvider>
Log:
10:58:58.125 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:253] - Beginning refresh of metadata from 'http://www.example.it/metadata/metadata-sha256.xml'
10:58:58.126 - DEBUG [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:249] - Attempting to fetch metadata document from 'http://www.example.it/metadata/metadata-sha256.xml'
10:58:58.145 - DEBUG [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:254] - Metadata document from 'http://www.example.it/metadata/metadata-sha256.xml' has not changed since last retrieval
10:58:58.145 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:257] - Metadata from 'http://www.example.it/metadata/metadata-sha256.xml' has not changed since last refresh
10:58:58.146 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:327] - Computing new expiration time for cached metadata from 'http://www.example.it/metadata/metadata-sha256.xml
10:58:58.193 - INFO [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:276] - Next refresh cycle for metadata provider 'http://www.example.it/metadata/metadata-sha256.xml' will occur on '2014-08-12T11:58:58.142Z' ('2014-08-12T13:58:58.142+02:00' local time)
--------------------------------------------------------------------------------------------------------------
On 11/08/14 17:00, Cantor, Scott wrote:
> On 8/11/14, 10:52 AM, "Marco Malavolti" <marco.malavolti at garr.it> wrote:
>
>> Yes, I have set these so low in order to reproduce the issue more
>> quickly, but I have the same problem with the default configuration
>> values:
>> - minRefreshDelay="PT5M"
>> - maxRefreshDelay="PT4H"
> Then your file has a last-modified value that's older than every time it
> runs a check. Trust me, it works, so the only way it's not working is if
> you're essentially forcibly causing the race condition every time. Your
> tests won't mean anything unless you keep the timestamp on the file new
> enough to trigger a load.
>
> What you want is for the file time to be essentially the exact time you
> update the file, not the actual time the file was last changed at the
> source.
>
> Basically, either change your file update process, or switch to the HTTP
> versions.
>
>
> -- Scott
>
--
Marco Malavolti
Consortium GARR - Servizio IDEM GARR AAI
Via dei Tizii, 6 - I-00185 Roma
CF 97284570583 – PI 07577141000
skype: marco.mala
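
The file-timestamp race described in the quoted reply, as an added example that is not part of the original message or of OpenSAML's code: a simplified model, assumed from that description, of a provider that reloads a file only when its modification time is newer than the previous check. The class and function names, the timeline and the metadata bodies are constructed for illustration.

```python
import os
import tempfile


class MtimeReloader:
    """Simplified model (assumed from the reply, not OpenSAML code):
    reload only when the file's mtime is newer than the previous check."""

    def __init__(self, path, now):
        self.path, self.last_check = path, now
        self.content = self._read()

    def _read(self):
        with open(self.path, "rb") as fh:
            return fh.read()

    def refresh(self, now):
        changed = os.path.getmtime(self.path) > self.last_check
        if changed:
            self.content = self._read()
        self.last_check = now
        return changed


def install(path, data, mtime):
    """Atomically replace path with data, stamped with the given mtime."""
    tmp = path + ".tmp"
    with open(tmp, "wb") as fh:
        fh.write(data)
    os.utime(tmp, (mtime, mtime))
    os.replace(tmp, path)  # rename keeps the mtime set above


def demo():
    # Constructed timeline (epoch seconds) and placeholder metadata bodies.
    old, new = b"<old validUntil/>", b"<new validUntil/>"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "metadata-sha256.xml")
        install(path, old, mtime=1000)
        provider = MtimeReloader(path, now=2000)
        provider.refresh(now=2600)          # source published `new` at 2500
        # Updater copies the file at 2700 but keeps the source's time (2500),
        # which is older than the 2600 check: the change is never seen.
        install(path, new, mtime=2500)
        missed = provider.refresh(now=2900)
        stale = provider.content
        # Updater stamps the file with the install time instead.
        install(path, new, mtime=3000)
        seen = provider.refresh(now=3200)
        return missed, stale, seen, provider.content


if __name__ == "__main__":
    print(demo())
```

A copy step that preserves the source timestamp leaves the provider serving the old `validUntil` until something else bumps the file time, which is why stamping the file at install time matters for metadata freshness.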