Identity Provider 4MetadataConfigurationLocalDynamicMetadataProvider

The Shibboleth IdP V4 software will leave support on September 1, 2024.

LocalDynamicMetadataProvider

Owned by Scott Cantor
Last updated: Sept 20, 2021 by Rod Widdowson

Namespace: urn:mace:shibboleth:2.0:metadata
Schema: http://shibboleth.net/schema/idp/shibboleth-metadata.xsd

Overview

The LocalDynamicMetadataProvider fetches metadata from a local source dynamically as needed. The deployer is responsible for populating the local source with data, which may be done while the metadata provider is running. New metadata will be seen automatically the first time it is requested.

Use this provider with local metadata

The LocalDynamicMetadataProvider is used with local metadata. See the MetadataManagementBestPractices topic for more information.

A common use case will be to use a filesystem directory as the local source.  A convenience attribute sourceDirectory is supplied to facilitate this configuration.  In this case, the deployer adds XML files each containing a single <md:EntityDescriptor> element to the sourceDirectory.

By default, when using a sourceDirectory, the file naming convention will be the lower case hex-encoded SHA-1 digest of the entityID, suffixed with ".xml". For example, the metadata for the entity with entityID "urn:test:foobar" will be resolved from the sourceDirectory with filename "d278c9975472a6b4827b1a8723192b4e99aa969c.xml".

Note that with the default entityID digest mechanism, the digested value should not include any leading or trailing whitespace (in particular, no trailing new line character):

Example generating default source key with OpenSSL
$ echo -n "urn:test:foobar" | openssl sha1 d278c9975472a6b4827b1a8723192b4e99aa969c

Reference

The source directory and the cache directory must be distinct

The sourceDirectory and the persistentCacheManagerDirectory (if any) must be distinct. While it is possible, though probably unusual, to enable persistent caching of local metadata, do NOT rely on the same directory for both the source and the cache. This would cause the removal of cached metadata to actually remove the underlying metadata from your system.

Attribute

Type

Default

Description

Attribute

Type

Default

Description

sourceDirectory

String



Convenience mechanism for wiring a FilesystemLoadSaveManager, loading from the specified source directory in the local filesystem. This attribute will be ignored if sourceManagerRef is also specified.  Either this attribute or sourceManagerRef is required.

sourceManagerRef

Bean ID



Identifies the Spring bean for the XMLObjectLoadSaveManager which serves as the local source of metadata.  Either this attribute or sourceDirectory is required.

sourceKeyGeneratorRef

Bean ID

internal default instance

Identifies a Spring bean for a Function which generates the string key used with the XMLObjectLoadSaveManager. The internal default implementation produces the lower-case hex-encoded SHA-1 digest of the entityID of the input criterion.  If the manager was effectively specified via sourceDirectory, then the internal default implementation suffixes this source key with ".xml".