Shibboleth.DEPRECATION : MetadataGenerator handler

Etienne Dysli Metref etienne.dysli-metref at
Thu Dec 9 07:27:58 UTC 2021

On 06.12.21 19:22, Peter Schober wrote:
> One (server mode) connecting to the Java TCP listener and exposing a
> TLS server (and expecting client certs from a certain CA/chain).  And
> another one (client mode) for mod_shib to connect to (on a non-TLS TCP
> port), itself connecting to the TLS server on the Java side with a
> client cert.

This is called a "service mesh" for those going the "containerise all 
the things" way. ;)

If it's like the IdP, the number of configuration files to manage 
(20-30) makes it rather costly to put under configuration management. I 
haven't yet tried to automatically build a ConfigMap for an IdP on 
Kubernetes, but I dread that day...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the users mailing list