testing errors

Peter Schober peter.schober at univie.ac.at
Tue Jan 16 11:30:30 EST 2018


* Tom Scavo <trscavo at gmail.com> [2018-01-16 17:10]:
> I don't quite get that. The source directory of a
> LocalDynamicMetadataProvider is a read-only metadata store. The
> actual metadata files to be managed are stored somewhere else.

> Unless I'm missing something, LocalDynamicMetadataProvider does not
> work around the file naming issue.

I can't follow both of the statements above. With a MetadataProvider
as included below you sha1-hash (or whatever) an entity's entityID and
that becomes the filename for the SAML 2.0 metadata you put into the
directory. So that file in fact (1) does contain the actual metadata,
and (2) will result in deterministic and invariant file names for any
given entityID.

<MetadataProvider type="Dynamic" ignoreTransport="true" minCacheDuration="10" maxCacheDuration="600">
  <Subst encoded="false" hashed="SHA1">file:///etc/shibboleth/metadata/hash/$entityID.xml</Subst>
</MetadataProvider>

But I'll let Rod make his point, as I'm not fully sure of the needs of
testshib. (Obviously the above is only for the SP's metadata
consumption, though the IDP's LocalDynamicMetadataProvider should work
similarly?)

As for MDQ and InQueue etc. there's also https://reep.refeds.org if
anyone cared. As Scott pointed out, that (building a trust fabric for
cheap) is not what most people use testshib for, though.

-peter
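
Added example, not part of the original message and not Shibboleth code: a Python check that every file in a hash-named metadata directory like the one above is named after the SHA-1 of the entityID it contains. It assumes the substituted value is the lowercase hex digest of the UTF-8 entityID; `hashed_name`, `audit_store` and the example.org entities are constructed for illustration.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"


def hashed_name(entity_id: str) -> str:
    # Assumption: lowercase hex SHA-1 over the exact entityID bytes.
    # A trailing newline (e.g. from `echo`) would yield a different name.
    return hashlib.sha1(entity_id.encode("utf-8")).hexdigest() + ".xml"


def audit_store(directory) -> dict:
    """Map filename -> problem for files a hash-based lookup would not match."""
    problems = {}
    for path in sorted(Path(directory).glob("*.xml")):
        try:
            root = ET.parse(str(path)).getroot()
        except ET.ParseError as exc:
            problems[path.name] = f"not well-formed XML: {exc}"
            continue
        if root.tag != f"{{{MD_NS}}}EntityDescriptor":
            problems[path.name] = "root element is not md:EntityDescriptor"
            continue
        entity_id = root.get("entityID")
        if not entity_id:
            problems[path.name] = "missing entityID attribute"
        elif path.name != hashed_name(entity_id):
            problems[path.name] = (
                f"entityID {entity_id!r} belongs in {hashed_name(entity_id)}")
    return problems


def demo() -> dict:
    # Constructed sample store: one correctly named file, one named by hand,
    # one truncated file.
    doc = '<EntityDescriptor xmlns="{ns}" entityID="{eid}"/>'
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp)
        good = "https://sp.example.org/shibboleth"
        (store / hashed_name(good)).write_text(doc.format(ns=MD_NS, eid=good))
        (store / "idp.example.org.xml").write_text(
            doc.format(ns=MD_NS, eid="https://idp.example.org/idp"))
        (store / "broken.xml").write_text("<EntityDescriptor")
        return audit_store(store)


if __name__ == "__main__":
    for name, problem in demo().items():
        print(f"{name}: {problem}")
```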

