reload-metadata & multiple metadata providers

Ryan Rumbaugh rrumbaugh at nebraska.edu
Fri Jul 26 09:48:47 EDT 2019


We use the TIER (ITAP) images and we add two additional layers. The first image we create is called the base image, and in that we add in configuration elements that are common amongst all our IdPs, such as InCommon metadata config, a local system-wide metadata config, common release policies, attributes, etc. In this base image we create a metadata-providers file and appropriate entry in services.xml that creates a metadata-providers file just for the base image so all our IdPs have like metadata loaded that are system-wide.

The last image layer adds in campus-specific IdP configuration (we support 6 IdPs) and this image layer uses its own metadata-provider and appropriate entry in services.xml. By being built on top of the base image, we get a baked-in configuration.

Hope that makes sense!

This certainly isn't a show stopper and we only use the reload-metadata service for quick debugging purposes generally, but I was curious if this was a bug or if there was a workaround.

Log file:

Jul 25 18:35:36 unk-auth-tst-ec2-01 c8167c3bb812[8864]: shib-idp;idp-warn.log;test;nothing;2019-07-25 18:35:36,064 - WARN [net.shibboleth.idp.saml.profile.impl.ReloadMetadata:177] - Profile Action ReloadMetadata: Unable to locate refreshable or clearable metadata resolver: 'NEFED'

Thanks!

--
Ryan Rumbaugh

On 7/26/19, 5:11 AM, "users on behalf of Peter Schober" <users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at> wrote:

    * Ryan Rumbaugh <rrumbaugh at nebraska.edu> [2019-07-25 21:24]:
    > We have an IdP configured to use multiple metadata-provider sources
    > configured in services.xml and have appropriate sortKey attributes
    > in place.
    
    Care to share why a single metadata-providers.xml doesn't suffice?
    Just curious.
    
    (Personally I don't even have multiple MetadataProvider elements
    within my single metadata-providers.xml file other than a "federation"
    one and a "local" one. So obviously your use-case is very different.)
    
    > <b>Message</b> Metadata source not found.</p><p><b>Description</b>
    > The origin server did not find a current representation for the
    > target resource or is not willing to disclose that one exists.
    
    Can you share the corresponding log message(s)?
    
    -peter