{"type":"doc","content":[{"type":"paragraph","content":[{"text":"Namespace:","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"urn:mace:shibboleth:2.0:metadata","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"Schema:","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"http://shibboleth.net/schema/idp/shibboleth-metadata.xsd","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/schema/idp/shibboleth-metadata.xsd"}}]}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"maxLevel":{"value":"2"}},"macroMetadata":{"macroId":{"value":"2877984e-64e6-4ff3-bb67-38832d02d764"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"81923527-6469-4748-b9d3-fb325881b985"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"DynamicHTTPMetadataProvider","type":"text","marks":[{"type":"code"}]},{"text":" fetches entity metadata just-in-time from a remote HTTP server. The metadata request URL is constructed by applying a transform to the ","type":"text"},{"text":"entityID","type":"text","marks":[{"type":"code"}]},{"text":". The transform strategy is configurable, with a simple way to configure support for the ","type":"text"},{"text":"Metadata Query Protocol","type":"text","marks":[{"type":"link","attrs":{"href":"https://datatracker.ietf.org/doc/draft-young-md-query/"}}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"Metadata is cached in memory subject to a complex set of interacting settings and the cache indicators within the metadata itself, and also can be saved to disk and reloaded back into memory at reload or startup time to restore the state of the cache. This isn't a fully redundant safety net but can be used as part of an overall strategy to reduce the risk of relying on remote sources in real-time. Ultimately, remote sources have to be bulletproof or there will be outages. This can be mitigated but not fully eliminated as a risk.","type":"text"}]},{"type":"paragraph","content":[{"text":"As part of this “machinery”, the default HTTP client used with this provider is the “memory-caching” variant mentioned on the ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199510442"}},{"text":" page, which automatically honors HTTP caching headers and caches results in memory. This mechanism operates independently of, and in addition to, all of the other caching behavior defined below, so bear this in mind when implementing your own metadata services for use with this provider. If you don’t want this behavior, simply define your own non-caching client to inject via the ","type":"text"},{"text":"httpClientRef","type":"text","marks":[{"type":"code"}]},{"text":" XML attribute.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"heading","attrs":{"level":3},"content":[{"text":"Use this provider with remote metadata","type":"text"}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"DynamicHTTPMetadataProvider","type":"text","marks":[{"type":"code"}]},{"text":" is used with ","type":"text"},{"text":"remote metadata","type":"text","marks":[{"type":"em"}]},{"text":". See the ","type":"text"},{"text":"MetadataManagementBestPractices","type":"text","marks":[{"type":"link","attrs":{"href":"https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199507429"}}]},{"text":" topic for more information.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference","type":"text"}]},{"type":"expand","attrs":{"title":"Specific XML Attributes"},"content":[{"type":"table","attrs":{"layout":"full-width","localId":"22f9fe5a-e1d5-47f4-acbf-1ce0bc9c0786"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[266.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"Default","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[266.0]},"content":[{"type":"paragraph","content":[{"text":"maxConnectionsTotal","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"Integer","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"100","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"The maximum total number of simultaneous connections allowed by the HTTP client's connection pool manager. This attribute is incompatible with ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"httpClientRef","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[266.0]},"content":[{"type":"paragraph","content":[{"text":"maxConnectionsPerRoute","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"Integer","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"100","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"The maximum number of simultaneous connections per route allowed by the HTTP client's connection pool manager. This attribute is incompatible with ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"httpClientRef","type":"text","marks":[{"type":"code"}]},{"text":". ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[266.0]},"content":[{"type":"paragraph","content":[{"text":"supportedContentTypes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"Comma-delimited Strings","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[263.0]},"content":[{"type":"paragraph","content":[{"text":"For ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" case:","type":"text"},{"type":"hardBreak"},{"text":"\"application/samlmetadata+xml”","type":"text"},{"type":"hardBreak"}]},{"type":"paragraph","content":[{"text":"For ","type":"text"},{"text":"