...
Tip: Ask your federation operator how best to configure a metadata provider of type FileBackedHTTPMetadataProvider. In particular, first determine the HTTP location of the metadata file, then ask about the recommended values of the minRefreshDelay attribute (default: PT30S) and the maxRefreshDelay attribute (default: PT4H).
For illustration, let's assume that: (1) the top-level <md:EntitiesDescriptor> element of the XML document is signed; (2) the top-level <md:EntitiesDescriptor> element of the XML document is decorated with a validUntil attribute; (3) the validity interval is two weeks (P14D) in duration; and (4) the server supports HTTP conditional GET. The sample metadata provider shown below retrieves the metadata, verifies the signature, and checks the expiration date before loading the metadata into IdP memory:
See the FileBackedHTTPMetadataProvider topic for more information.
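The expiry check that assumptions (2) and (3) describe can be tried against a downloaded aggregate before it is handed to the IdP. The following is an added example, not the IdP's own code and not the sample provider this page refers to; the names check_aggregate, parse_duration, sample_aggregate and NOW are hypothetical, the sample documents are constructed, and the signature is checked for presence only, not verified.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
DURATION_RE = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def parse_duration(text):
    """Parse the day/time subset of xs:duration seen on this page (P14D, PT4H, PT30S)."""
    m = DURATION_RE.match(text)
    if not m or text == "P" or text.endswith("T"):
        raise ValueError(f"unsupported duration: {text!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def check_aggregate(xml_bytes, now, max_validity="P14D"):
    """Return a list of problems found on the root element; empty means it passes."""
    # Stdlib parser for self-containment; use a hardened XML parser on network input.
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD_NS}}}EntitiesDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    # Presence check only: the signature is NOT cryptographically verified here.
    if root.find(f"{{{DS_NS}}}Signature") is None:
        problems.append("root element is not signed")
    valid_until = root.get("validUntil")
    if valid_until is None:
        return problems + ["root element has no validUntil attribute"]
    expires = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
    if expires.tzinfo is None:  # assumption: treat a zone-less value as UTC
        expires = expires.replace(tzinfo=timezone.utc)
    if expires <= now:
        problems.append("metadata has expired")
    elif expires - now > parse_duration(max_validity):
        problems.append("validUntil exceeds the maximum validity interval")
    return problems

def sample_aggregate(valid_until=None, signed=True):
    """Build a constructed, empty aggregate (the Signature element is a stub)."""
    attr = f' validUntil="{valid_until}"' if valid_until else ""
    sig = f'<ds:Signature xmlns:ds="{DS_NS}"/>' if signed else ""
    return f'<md:EntitiesDescriptor xmlns:md="{MD_NS}"{attr}>{sig}</md:EntitiesDescriptor>'.encode()

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed reference time
if __name__ == "__main__":
    for label, value in [("fresh", "2024-01-10T00:00:00Z"), ("expired", "2023-12-31T00:00:00Z"),
                         ("too long", "2024-02-01T00:00:00Z"), ("no validUntil", None)]:
        print(label, check_aggregate(sample_aggregate(value), NOW))
```

Rejecting a validUntil that lies too far in the future matters as much as rejecting an expired one: it bounds how long a captured copy of an old, validly signed aggregate could be served back to the IdP.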
Metadata aggregates may be arbitrarily large. Although the FileBackedHTTPMetadataProvider loads metadata in the background, parsed metadata objects are stored in memory for efficiency. Therefore sufficient memory must be available to accommodate the entire aggregate. Obviously, a large aggregate will have significant memory requirements. A more efficient approach leverages a DynamicHTTPMetadataProvider, as discussed in the next section.
DynamicHTTPMetadataProvider
...
Tip: Ask your federation operator how best to configure a metadata provider of type
For illustration, let's assume that: (1) the top-level <md:EntityDescriptor> element of the XML document is signed; (2) the top-level <md:EntityDescriptor> element of the XML document is decorated with a validUntil attribute; (3) the validity interval is two weeks (P14D) in duration; and (4) the server conforms to the Metadata Query Protocol specification. The sample metadata provider shown below retrieves the metadata, verifies the signature, and checks the expiration date before loading the metadata into IdP memory:
...