This article describes a proof-of-concept implementation of a metadata early warning system designed to work in conjunction with a Shibboleth FileBackedHTTPMetadataProvider, one of two HTTPMetadataProviders implemented in the Shibboleth IdP.

...

  1. Requires the @validUntil attribute to exist and ensures that its value is in the future but not too far into the future

  2. Requires the @creationInstant attribute to exist and ensures that its value is in the past

  3. Warns if the metadata is soon-to-be-expired
  4. Warns if the metadata is stale (but not soon-to-be-expired)

...

Now try the following experiments:

  1. Assuming the actual Validity Interval is 14 days, set maxValidityInterval to something less and watch the process fail: an error message will be logged and the metadata will be removed from the pipeline.

  2. Assuming the actual Validity Interval is 14 days, set maxValidityInterval to something more and watch the process fail: a warning message will be logged.

  3. Assuming the actual Validity Interval is 14 days, set the subintervals to overlapping values (say, -E P3D -F P12D) and watch the process fail: a warning message will be logged.

  4. Set the freshnessInterval to some ridiculously small value (say, -F PT60S) and watch the process fail: a warning message will be logged.

  5. Set the expirationWarningInterval to some ridiculously large value (say, -E P13D -F PT60S) and watch the process fail: a warning message will be logged.
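
The four checks listed earlier and the interval experiments above can be sketched as follows. This is an added example, not the article's implementation: the function names and default intervals are hypothetical, and it assumes @creationInstant is read from mdrpi:PublicationInfo, that "soon-to-be-expired" means less than expirationWarningInterval remains, that "stale" means older than freshnessInterval, and that the subintervals overlap when their sum exceeds the actual Validity Interval.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
MDRPI = "{urn:oasis:names:tc:SAML:metadata:rpi}"  # assumed home of @creationInstant

# Constructed sample: a 14-day validity interval, as in the experiments.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" validUntil="2024-01-15T00:00:00Z">
  <md:Extensions><mdrpi:PublicationInfo publisher="https://md.example.org"
      creationInstant="2024-01-01T00:00:00Z"/></md:Extensions>
</md:EntitiesDescriptor>"""

def duration(text):
    """Parse the day/time subset of ISO 8601 durations (P14D, PT60S, P1DT12H)."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", text)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {text!r}")
    days, hours, mins, secs = (int(g or 0) for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=mins, seconds=secs)

def instant(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_metadata(xml_text, now, max_validity="P14D", expiration_warning="P3D",
                   freshness="P10D"):
    """Return (keep, messages); keep is False when the metadata must be dropped."""
    root = ET.fromstring(xml_text)  # input assumed already signature-verified
    info = root.find(f"{MD}Extensions/{MDRPI}PublicationInfo")
    valid_until = root.get("validUntil")
    created = info.get("creationInstant") if info is not None else None
    if valid_until is None or created is None:
        return False, ["ERROR: @validUntil and @creationInstant are required"]
    until, made = instant(valid_until), instant(created)
    if until <= now:
        return False, ["ERROR: @validUntil is not in the future"]
    if until - now > duration(max_validity):
        return False, ["ERROR: @validUntil is too far in the future"]
    if made >= now:
        return False, ["ERROR: @creationInstant is not in the past"]
    msgs = []
    if duration(expiration_warning) + duration(freshness) > until - made:
        msgs.append("WARN: warning subintervals overlap")
    if until - now < duration(expiration_warning):
        msgs.append("WARN: metadata is soon-to-be-expired")
    elif now - made > duration(freshness):  # stale only if not already expiring
        msgs.append("WARN: metadata is stale")
    return True, msgs
```
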

...