...
if you're trying to load very large SAML 2.0 Metadata (e.g. the size of InCommon or eduGAIN) you may need to increase the startup timeout systemd applies before it kills off shibd and tries to start it again (which is pointless since signature-validating that metadata won't be any faster the next time). This can be done by setting TimeoutStartSec to a rather large value, e.g. 2h
(or infinite
, to disable the startup timeout functionality) for InCommon/eduGAIN-sized metadata. See below for an example or the systemd.service documentation.
...
Example: Have systemd wait up to 2 hours for shibd to start
Code Block | ||
---|---|---|
| ||
echo -e '[Service]\nTimeoutStartSec=2h' | sudo tee /etc/systemd/system/shibd.service.d/timeout.conf sudo systemctl daemon-reload |