...

Tip: Consult your federation operator

Ask your federation operator how best to configure a metadata provider of type FileBackedHTTPMetadataProvider. First determine the HTTP location of the metadata file. Then ask about the recommended values of the minRefreshDelay attribute (default: PT30S) and the maxRefreshDelay attribute (default: PT4H).

For illustration, let's assume that: (1) the top-level <md:EntitiesDescriptor> element of the XML document is signed; (2) the top-level <md:EntitiesDescriptor> element of the XML document is decorated with a validUntil attribute; (3) the validity interval is two weeks (P14D) in duration; and (4) the server supports HTTP conditional GET. The sample metadata provider shown below retrieves the metadata, verifies the signature, and checks the expiration date before loading the metadata into IdP memory:

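The included example page did not render here, so the following is an added illustrative fragment for conf/metadata-providers.xml, not the wiki's own RemoteMetadataAggregateExample. The provider id, the metadata URL, the backing file and the certificate path are assumptions; the filter and attribute names are the standard ones for a Shibboleth IdP v3 FileBackedHTTPMetadataProvider.

```xml
<!-- Added illustrative fragment for conf/metadata-providers.xml (not the wiki's own example).
     The id, URL, backingFile and certificateFile values are assumptions. -->
<MetadataProvider id="FederationAggregate"
                  xsi:type="FileBackedHTTPMetadataProvider"
                  metadataURL="https://federation.example.org/metadata/aggregate.xml"
                  backingFile="%{idp.home}/metadata/federation-aggregate.xml"
                  minRefreshDelay="PT30S"
                  maxRefreshDelay="PT4H">

    <!-- Assumption (1): the top-level <md:EntitiesDescriptor> is signed.
         Reject the aggregate unless that signature verifies against the federation's
         signing certificate, which is obtained out of band from the federation operator. -->
    <MetadataFilter xsi:type="SignatureValidation"
                    requireSignedRoot="true"
                    certificateFile="%{idp.home}/credentials/federation-signing.pem"/>

    <!-- Assumptions (2) and (3): the root carries a validUntil attribute and the
         validity interval is two weeks. Require the attribute and refuse any document
         whose validity window is longer than P14D, so stale aggregates are not loaded. -->
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D"/>

</MetadataProvider>
```

Nothing in the fragment addresses assumption (4): conditional GET is a property of the server, and the provider simply benefits from it by receiving a 304 instead of the full aggregate when nothing has changed. The two filters are what turn the download into a trust decision; without SignatureValidation the IdP would accept whatever the URL serves, and without RequiredValidUntil an attacker who obtained an old, genuinely signed aggregate could keep it in circulation indefinitely.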

See the FileBackedHTTPMetadataProvider topic for more information.

Metadata aggregates may be arbitrarily large. Although the FileBackedHTTPMetadataProvider loads metadata in the background, parsed metadata objects are stored in memory for efficiency. Therefore sufficient memory must be available to accommodate the entire aggregate. Obviously, a large aggregate will have significant memory requirements. A more efficient approach leverages a DynamicHTTPMetadataProvider, as discussed in the next section.

DynamicHTTPMetadataProvider

...

Tip: Consult your federation operator

Ask your federation operator how best to configure a metadata provider of type DynamicHTTPMetadataProvider. First determine the base URL of the MDQ server. Then ask about the recommended values of the minCacheDuration attribute (default: PT10M) and the maxCacheDuration attribute (default: PT8H). Finally, ask how best to configure the provider to mitigate the risk of an MDQ server that is unreachable or non-responsive.

For illustration, let's assume that: (1) the top-level <md:EntityDescriptor> element of the XML document is signed; (2) the top-level <md:EntityDescriptor> element of the XML document is decorated with a validUntil attribute; (3) the validity interval is two weeks (P14D) in duration; and (4) the server conforms to the Metadata Query Protocol specification. The sample metadata provider shown below retrieves the metadata, verifies the signature, and checks the expiration date before loading the metadata into IdP memory:
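As an added illustration (not the wiki's own sample), here is a DynamicHTTPMetadataProvider fragment for conf/metadata-providers.xml that applies the same signature and validUntil checks to each per-entity document fetched from an MDQ server. The provider id, the MDQ base URL and the certificate path are assumptions, and the three timeout attributes are assumed to be supported by the deployed IdP version; they are included because short timeouts are the usual answer to the "unreachable or non-responsive MDQ server" question from the tip above.

```xml
<!-- Added illustrative fragment for conf/metadata-providers.xml (not the wiki's own example).
     The id, MDQ base URL and certificateFile values are assumptions; the timeout
     attributes are assumed to be supported by the deployed IdP version. -->
<MetadataProvider id="FederationMDQ"
                  xsi:type="DynamicHTTPMetadataProvider"
                  minCacheDuration="PT10M"
                  maxCacheDuration="PT8H"
                  connectionRequestTimeout="PT2S"
                  connectionTimeout="PT2S"
                  socketTimeout="PT4S">

    <!-- Assumption (1): each <md:EntityDescriptor> returned by the MDQ server is signed.
         Verify it against the federation signing certificate before it enters memory. -->
    <MetadataFilter xsi:type="SignatureValidation"
                    requireSignedRoot="true"
                    certificateFile="%{idp.home}/credentials/federation-signing.pem"/>

    <!-- Assumptions (2) and (3): the entity descriptor carries validUntil and the
         validity interval is two weeks. Reject documents without it or with a
         window longer than P14D. -->
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D"/>

    <!-- Assumption (4): the server speaks the Metadata Query Protocol, so only the
         base URL is needed; the provider derives the per-entity request URL from it. -->
    <MetadataQueryProtocol>https://mdq.example.org/</MetadataQueryProtocol>

</MetadataProvider>
```

Two points follow from the shape of this provider. First, only the entities actually used in SSO transactions are fetched and held, which is why it scales where a full aggregate does not. Second, an MDQ outage is a runtime event rather than a startup event: an entity already in the cache keeps being served until maxCacheDuration elapses, and the timeouts bound how long a request for an uncached entity can stall on a hung server, so a user sees a prompt failure instead of a hanging login page.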

...