LocalDynamicMetadataProvider
Overview
Identified by type="LocalDynamic", this MetadataProvider loads metadata on-demand from the local file system using a filename convention based on the SHA-1 hash of the entityID of the IdP.
The sourceDirectory XML attribute is also required, to identify the directory to load from.
The deployer is responsible for populating a directory with metadata files, and this may be done while the SP is in operation. New metadata will be seen automatically the first time it is requested after being added to the directory.
This plugin is optimized to track the last modification time of any metadata file it loads and skips unnecessary reprocessing if a file hasn't been modified, so it can be tuned for very frequent refresh attempts if desired, to minimize the time needed to apply changes.
Each file should contain exactly one <EntityDescriptor> and the name of the file should be the lowercase hex-encoded SHA-1 hash of the entityID within that metadata.
Example generating filename with OpenSSL
$ echo -n "https://idp.example.org/idp/shibboleth" | openssl sha1
1bec942a9ca29787c26924440ad4cb8208f9b9e4
Note that it is often unnecessary to apply filters such as signature or validity constraints to a local directory of metadata because it is typically curated by hand, but it is certainly possible to do so.
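The naming convention above can be checked mechanically before the SP ever requests a file. The following is an added example, not part of the Shibboleth software: it audits a directory for files whose root is not a single EntityDescriptor or whose name does not match the hash of the entityID inside. The function names, the sample entities and the .xml extension on the sample files are assumptions; the check compares the file name with any extension stripped.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

def expected_name(entity_id):
    """Lowercase hex SHA-1 of the entityID, as the filename convention requires."""
    return hashlib.sha1(entity_id.encode("utf-8")).hexdigest()

def audit_file(path):
    """Return a list of problems for one metadata file (empty list means OK)."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return ["root element is not a single EntityDescriptor"]
    entity_id = root.get("entityID")
    if not entity_id:
        return ["EntityDescriptor has no entityID"]
    stem, want = Path(path).stem, expected_name(entity_id)  # assumption: extension ignored
    if stem == want:
        return []
    if stem.lower() == want:
        return ["filename hash is not lowercase"]
    if stem == expected_name(entity_id + "\n"):
        return ["hash includes a trailing newline (echo without -n?)"]
    return [f"filename does not match entityID hash {want}"]

def audit_dir(directory):
    """Map filename -> problems for every file in the directory that fails."""
    results = {p.name: audit_file(p) for p in sorted(Path(directory).iterdir()) if p.is_file()}
    return {name: probs for name, probs in results.items() if probs}

def demo():
    """Audit a constructed sample directory: one good file, two misnamed ones."""
    def md(eid):
        return f'<EntityDescriptor xmlns="{MD_NS}" entityID="{eid}"/>'
    good, bad = "https://idp.example.org/idp/shibboleth", "https://idp2.example.org/idp"
    with tempfile.TemporaryDirectory() as d:
        Path(d, expected_name(good) + ".xml").write_text(md(good))
        Path(d, expected_name(bad + "\n") + ".xml").write_text(md(bad))
        Path(d, "renamed-by-hand.xml").write_text(md(good))
        return audit_dir(d)

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", "; ".join(problems))
```

A misnamed file is never loaded for the entityID it actually describes, so running a check like this after each manual update catches metadata that would otherwise be silently ignored.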
Reference
Example
LocalDynamic Metadata Source
<MetadataProvider type="LocalDynamic" sourceDirectory="localDynamicDir"/>