Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Overview

This service reloads a specific <MetadataProvider> plugin via the id specified in the MetadataConfiguration. In the case of dynamic resolvers, a reload will clear the state of the resolver's in-memory cache.

<MetadataProvider id="nameUsedbelow" xsi:type="Whatever" .... >

The underlying web interface, which is managed as an AdministrativeConfiguration, looks like this:

http[s]://localhost/idp/profile/admin/reload-metadata?id=nameSpecifiedAbove

The same thing on the command line would be:

$ /opt/shibboleth-idp/bin/reload-metadata.sh -id nameSpecifiedAbove

The parameters supported and their corresponding command line options are:

Query String

Command Line

Description

id

--provider, -id

Metadata Resolver to reload

The identifiers of the resolvers are also listed by the status and metrics administrative flows.

Reference

V4.0 and upgraded systems include a bean defined in conf/admin/general-admin.xml to control aspects of the flow's behavior.

V4.1 includes properties to control various aspects of the flow's behavior using an internally-defined bean that may be overridden if required.

 Properties (V4.1+)

The general properties configuring this flow via admin/admin.properties are:

Name

Default

Description

idp.reload.logging

Reload

Audit log identifier for flow

idp.reload.accessPolicy

AccessByIPAddress

Name of access control policy for request authorization

idp.reload.authenticated

false

Whether authentication should be performed prior to access control evaluation

idp.reload.nonBrowserSupported

false

Whether the flow should allow for non-browser clients during authentication

idp.reload.resolveAttributes

false

Whether attributes should be resolved prior to access control evaluation

 Flow Descriptor XML (V4.1+)

To replace the internally defined flow descriptor bean, the following XML is required:

<util:list id="shibboleth.AvailableAdminFlows">
 
    <bean parent="shibboleth.AdminFlow"
        c:id="http://shibboleth.net/ns/profiles/reload"
        p:loggingId="%{idp.reload.logging:Reload}"
        p:policyName="%{idp.reload.accessPolicy:AccessByIPAddress}"
        p:nonBrowserSupported="%{idp.reload.nonBrowserSupported:false}"
        p:authenticated="%{idp.reload.authenticated:false}"
        p:resolveAttributes="%{idp.reload.resolveAttributes:false}" />
 
</util:list>

In older versions and upgraded systems, this list is defined in conf/admin/general-admin.xml. In V4.1+, no default version of the list is provided and it may simply be placed in conf/global.xml if needed.

  • No labels