The DynamicHTTPMetadataProvider fetches entity metadata just-in-time from a remote HTTP server. The metadata request URL is constructed by applying a transform to the entityID. The transform strategy is configured in a child element.
Metadata is cached in memory subject to a complex set of interacting settings and the cache indicators within the metadata itself, and also can be saved to disk and reloaded back into memory at reload or startup time to restore the state of the cache. This isn't a fully redundant safety net but can be used as part of an overall strategy to reduce the risk of relying on remote sources in real-time. Ultimately, remote sources have to be bulletproof or there will be outages. This can be mitigated but not fully eliminated as a risk.
Info: The DynamicHTTPMetadataProvider is used with remote metadata. See the MetadataManagementBestPractices topic for more information.
...
Any of the following child elements may be specified, in the specified order (i.e. filters must appear first, then optionally a trust engine, and finally one of the request construction elements).
Name | Cardinality | Description |
---|---|---|
<MetadataFilter> | 0 or more | A metadata filter applied to candidate metadata as it flows through the metadata pipeline |
<TLSTrustEngine> 3.1 | 0 or 1 | A custom TrustEngine used to evaluate TLS server certificates. This element conflicts with and is overridden by the httpClientSecurityParametersRef attribute. |
<MetadataQueryProtocol> | 0 or 1 | Constructs the metadata request URL based on the requirements of the Metadata Query Protocol |
<Template> | 0 or 1 | Constructs the metadata request URL by means of a simple transform based on substitution |
<Regex> | 0 or 1 | Constructs the metadata request URL by means of a complex transform based on a regular expression |
...
Name | Type | Default | Description |
---|---|---|---|
encodingStyle 3.4 | "none", "form", "path", or "fragment" | "form" | Determines whether and how the entityID value will be URL encoded prior to replacement. Allowed values are:
These terms are defined precisely in the documentation for the methods of the Guava library's UrlEscapers class. |
encoded | Boolean | true | Deprecated. Use encodingStyle instead as of v3.4. If the element contains an encoded attribute set to "false", the value will be replaced directly, otherwise it will be URL form encoded. |
transformRef | Bean ID | | A reference to a transform function for the entityID. If used, the child element must be empty. |
velocityEngine | Bean ID | shibboleth.VelocityEngine | This attribute may be used to specify the name of the Velocity engine defined within the application. |
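The effect of each encodingStyle on the constructed request URL, as an added Python sketch (not Shibboleth code): it re-implements the safe-character sets documented for Guava's UrlEscapers and checks whether the substituted entityID stays inside a single path segment. The `${entityID}` placeholder, the mapping of each style to a Guava escaper, and the host names and entityID are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALNUM = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
PATH_SAFE = "-._~!$'()*,;&=@:+"
# Characters left unescaped per style, as documented for Guava's UrlEscapers.
SAFE = {
    "form": "-_.*",                # urlFormParameterEscaper (space becomes '+')
    "path": PATH_SAFE,             # urlPathSegmentEscaper
    "fragment": PATH_SAFE + "/?",  # urlFragmentEscaper
}

def encode_entity_id(entity_id, style="form"):
    """Encode an entityID the way the given encodingStyle is assumed to."""
    if style == "none":
        return entity_id  # substituted verbatim
    safe = ALNUM + SAFE[style]
    out = []
    for ch in entity_id:
        if ch in safe:
            out.append(ch)
        elif ch == " " and style == "form":
            out.append("+")
        else:  # percent-encode each UTF-8 byte, upper-case hex
            out.extend("%%%02X" % b for b in ch.encode("utf-8"))
    return "".join(out)

def build_request_url(template, entity_id, style="form"):
    # Plain substitution stands in for the Velocity rendering step.
    return template.replace("${entityID}", encode_entity_id(entity_id, style))

def stays_in_one_segment(template, entity_id, style):
    """True if the entityID adds no path segments, query or fragment."""
    base = urlsplit(template.replace("${entityID}", "x"))
    got = urlsplit(build_request_url(template, entity_id, style))
    return (got.netloc == base.netloc and not got.query and not got.fragment
            and got.path.count("/") == base.path.count("/"))

TEMPLATE = "https://mdq.example.org/entities/${entityID}"   # constructed
ENTITY_ID = "https://sp.example.org/shibboleth?tenant=a b"  # constructed

if __name__ == "__main__":
    for style in ("none", "form", "path", "fragment"):
        print(style, build_request_url(TEMPLATE, ENTITY_ID, style),
              stays_in_one_segment(TEMPLATE, ENTITY_ID, style))
```

With "none" or "fragment" the entityID's own `/` and `?` reach the URL unescaped, so part of the request path and query is determined by the entityID rather than by the template.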
...