Shibboleth(3.2.3) : Parsing of the Incommons-Medata.xml taking huge amount of time

Peter Schober peter.schober at
Thu Apr 14 11:09:37 UTC 2022

* Max Spicer <max.spicer at> [2022-04-14 13:04]:
> Am I right in thinking that the v4 equivalent of this is the
> alwaysVerifyTrustedSource attribute on a SignatureValidation filter?

The XML libraries used by the IDP don't have a problem with signature
validation filters on very large metadata aggregates (contrary to
those used by the SP), so there's nothing special you'd need to do
either way.
The same logic (that you'll need to trust the file system with cached
metadata as long as you trust the file system with key material to
validate said metadata with) still applies, of course.


More information about the users mailing list