Shibboleth IdPv3 administrative urls
Walter Forbes Hoehn (wassa)
wassa at memphis.edu
Thu Oct 22 11:54:59 EDT 2015
Much the same here… The tool is great, but I didn’t want to look at the wiki every time I needed to use it and the service names didn’t stick in my head. So, I created a bunch of small wrapper scripts. For instance:

[wassa at notforyou 4%][10:47:51][/opt/shibboleth-idp/local/bin]: cat reload-um-local-metadata
#!/bin/bash
IDP_HOME=/opt/shibboleth-idp
echo "Reloading U Memphis local metadata on host ($(hostname))"
$IDP_HOME/bin/reload-metadata.sh -id umLocalMD -u http://localhost:8080

> On Oct 22, 2015, at 10:33 AM, Peter Schober <peter.schober at univie.ac.at> wrote:
>
> * Michael A Grady <mgrady at unicon.net> [2015-10-22 16:58]:
>> So the following appears to work:
>>
>> ../idp/profile/admin/reload-service?id=shibboleth.AttributeResolverService
>>
>> I guessed that the corresponding argument/value set for reloading
>> metadata would be the 'id' of the MetadataProvider
>>
>> ./idp/profile/admin/reload-metadata?id=MyLocalMetadataFile
>>
>> and that appears to have worked. Is the above correct, and anything
>> else interesting about using the above endpoints that may not
>> otherwise be obvious without looking at the code?
>
> All of this is documented, at
> https://wiki.shibboleth.net/confluence/display/IDP30/ReloadableServices
>
> FWIW, initially I didn't have a plain http listener on port 80 (an IDP
> only needs to listen on port 443) so the reload and status scripts didn't
> work as is.
> But the error message from that invocation was clear enough that I
> assembled a set of shell aliases that did the same thing using cURL.
> E.g.:
>
> curl -s -k 'https://localhost/idp/status'
> curl -s -k 'https://localhost/idp/profile/admin/reload-service?id=shibboleth.AttributeFilterService'
> curl -s -k 'https://localhost/idp/profile/admin/reload-service?id=shibboleth.AttributeResolverService'
> curl -s -k 'https://localhost/idp/profile/admin/reload-service?id=shibboleth.LoggingService'
> curl -s -k 'https://localhost/idp/profile/admin/reload-metadata?id=your.MetadataProvider.id'
>
> I later did add a listener on port 80 on the loopback interface only,
> to make the scripts work as documented. Seems easy enough and allows
> anyone following the docs to reload stuff, w/o local knowhow.
>
> Reloading works wonderfully and at least on Tomcat8 is absolutely
> essential, as restarting the IDP (or context) would take ages, so that
> would be absolutely prohibitive for testing purposes.
> -peter
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
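
A single wrapper covering the reload endpoints quoted in this thread, as an added example that is not part of either poster's message. The short aliases (resolver, filter, logging) and the IDP_BASE variable are assumptions made here; the service ids, URL paths and the http://localhost:8080 default are the ones shown above. It refuses any base URL that is not loopback and any provider id that could alter the query string.

```shell
#!/bin/sh
# Added example, not from the thread. Aliases and IDP_BASE are hypothetical;
# service ids and URL paths are the ones quoted in the thread.

service_id() {            # short alias -> reload-service id
    case "$1" in
        resolver) echo "shibboleth.AttributeResolverService" ;;
        filter)   echo "shibboleth.AttributeFilterService" ;;
        logging)  echo "shibboleth.LoggingService" ;;
        *)        return 1 ;;
    esac
}

# True only for http(s)://localhost or 127.0.0.1 with an optional numeric port.
is_loopback() {
    case "$1" in
        http://*)  hostport=${1#http://} ;;
        https://*) hostport=${1#https://} ;;
        *)         return 1 ;;
    esac
    host=${hostport%%:*}
    port=${hostport#"$host"}; port=${port#:}
    case "$host" in localhost|127.0.0.1) ;; *) return 1 ;; esac
    case "$port" in *[!0-9]*) return 1 ;; esac   # rejects user@host tricks and paths
    return 0
}

# reload_url BASE KIND [PROVIDER_ID] prints the admin URL or fails.
reload_url() {
    is_loopback "$1" || return 2
    case "$2" in
        metadata)
            case "$3" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
            echo "$1/idp/profile/admin/reload-metadata?id=$3" ;;
        *)
            id=$(service_id "$2") || return 1
            echo "$1/idp/profile/admin/reload-service?id=$id" ;;
    esac
}

# Only call the IdP when run with arguments, e.g. "idp-reload metadata umLocalMD".
if [ "$#" -gt 0 ]; then
    url=$(reload_url "${IDP_BASE:-http://localhost:8080}" "$@") || {
        echo "usage: $0 resolver|filter|logging | metadata PROVIDER_ID" >&2
        exit 64
    }
    echo "Reloading on host ($(hostname)): $url"
    curl -s "$url"
fi
```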