Metadata expiry and computing a new expiration time.

Cantor, Scott cantor.2 at osu.edu
Sun Sep 13 13:46:58 EDT 2015 

On 9/12/15, 10:46 AM, "users on behalf of Simon Fraser" <users-bounces at shibboleth.net on behalf of srf at sanger.ac.uk> wrote:

>On Sat, Sep 12, 2015 at 01:31:19AM +0000, Cantor, Scott wrote:
>
>> On 9/11/15, 11:41 AM, "users on behalf of Simon Fraser"
>> <users-bounces at shibboleth.net on behalf of srf at sanger.ac.uk> wrote:
>> 
>> 
>> >The identity provider is 3.1.1.
>> 
>> There's no point in debugging anything until you're on a supported version.
>
>3.1.1 isn't supported, even though it's only one patchlevel different from the
>most recent release? That's harsh.

I'm sorry, but that's not a new policy. We don't support anything but the latest version on a branch. We never have. If you run into a bug, it either got fixed already, or needs to be reproduced on the version we actually can fix the bug in, which is the latest one.

That doesn't mean we don't answer questions or speculate about an issue, but that's *not* what "supported" means. Support implies that we would go back and fix a bug and issue a patch to that specific version. That's what I'm referring to. We will not do that for 3.1.1, ergo it's officially out of support.

>I'm not seeing any memory errors, and the IDP works fine for sites that are not
>part of the Federation.

I'm not guaranteeing it's a memory error, but I know people have seen the refresh threads crash with no apparent cause and had the problem disappear after increasing the heap size. That leads me to believe there's a bug that's preventing it from getting logged, or that people are missing something in the container log perhaps.

>>>Happy to change it, I wasn't able to get it working with the verification in
>> >place.
>> 
>> Because...?
>
>I'm not sure if this is sarcasm or not. If I knew why it wasn't working, I
>would have taken steps to fix it. I don't remember the log messages being
>helpful, but I will try again.

Sarcasm? On whose part? You tell me something we know works and is completely mandatory to even consider using the software at all, but don't say why, and then I'm supposed to be able to help fix it?

>As it was, most of the configuration file changes from 2.x to 3.x, combined
>with the incomplete or misleading documentation ('deprecated but should still
>work' features like the old relying-party and attribute-* files just don't
>work, for example),

They do work. Very well.

-- Scott

More information about the users mailing list