[Shib-Users] Libcurl timeout accesing metadata

3 views
Skip to first unread message

pete.ci...@credoreference.com

unread,
Aug 24, 2009, 1:35:22 PM8/24/09
to shibbole...@internet2.edu

pete.ci...@credoreference.com

unread,
Aug 24, 2009, 1:41:59 PM8/24/09
to shibbole...@internet2.edu
Hi

I have a SP version 2 with the following metadata provider configuration:

<MetadataProvider type="Chaining">
<MetadataProvider type="XML" uri="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
backingFilePath="ukfederation-metadata.xml" reloadInterval="43200" />
</MetadataProvider>

Occasionally when I start the shibd daemon, I will get a timeout during the load of the metadata:

2009-08-24 17:11:30 INFO OpenSAML.Metadata.Chaining : building MetadataProvider of type XML
2009-08-24 17:12:31 ERROR XMLTooling.libcurl.NetAccessor : curl NetAccessor encountered error from libcurl (28)
2009-08-24 17:12:31 ERROR XMLTooling.ParserPool : fatal error on line 66258, column 35, message: An exception occurred! Type:NetAccessorException, Message:Internal Error on NetAccessor
2009-08-24 17:12:31 ERROR OpenSAML.MetadataProvider.XML : error while loading configuration from (http://metadata.ukfederation.org.uk/ukfederation-metadata.xml): fatal error during XML parsing: An exception occurred! Type:NetAccessorException, Message:Internal Error on NetAccessor
2009-08-24 17:12:31 WARN OpenSAML.MetadataProvider.XML : using local backup of remote resource
2009-08-24 17:12:32 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (/var/run/shibboleth/ukfederation-metadata.xml)

The error occurs 60 seconds after the load attempt starts. Error 28 on libcurl is a timeout. The metadata file, which is about 8MB, takes about 90 seconds to load when I load the same URL with command-line curl. So it looks like if the metadata can't be loaded in 60 seconds or less, I will get the error.

Is there a way to increase the timeout on the MetadataProvider config?

Thanks,
Pete Ciuffetti
Credo Reference, Inc.

Scott Cantor

unread,
Aug 24, 2009, 2:03:16 PM8/24/09
to shibbole...@internet2.edu
pete.ci...@credoreference.com wrote on 2009-08-24:
> Is there a way to increase the timeout on the MetadataProvider config?

Not a particularly elegant one, but there is a way to access lower level
curl settings.

https://spaces.internet2.edu/display/SHIB2/NativeSPTransportOption

Those elements can appear in any reloadable config file reference, including
MetadataProviders.

The timeout option number is 13, according to the header file.

http://cool.haxx.se/cvs.cgi/curl/include/curl/curl.h

-- Scott


Scott Cantor

unread,
Aug 24, 2009, 2:08:36 PM8/24/09
to shibbole...@internet2.edu
BTW, not that you need it confirmed, but the default when using curl from
within the XML parser is indeed set by me to 60 seconds, so it's behaving as
expected.

I'm reluctant to bump that, but if the consensus is that doing so is better,
even if it causes hangs in other cases to take longer, I will.

-- Scott


Reply all
Reply to author
Forward
0 new messages