[Shib-Users] FileBackedHTTPMetadataProvider and http proxy


Stéphane Gully

Nov 26, 2008, 3:15:03 AM
to shibbole...@internet2.edu
Hello,

I'm trying to set up a shibb 2.0 idp behind a firewall. We have an http proxy that should be used for any http(s) requests on the Internet.
My question is about the MetadataProvider, and especially the FileBackedHTTPMetadataProvider one. As my metadataURL is located on the Internet, how do I configure the MetadataProvider to use our http proxy?

I tried to configure my Java Tomcat like this:
JAVA_OPTS=-Dhttp.proxyHost=proxyout.inist.fr -Dhttp.proxyPort=8080

But it seems to be ignored by the MetadataProvider. I got the following exception in the logs:

08:51:20.698 - WARN [org.opensaml.saml2.metadata.provider.FileBackedHTTPMetadataProvider:101] - Unable to read metadata from remote server, attempting to read it from local backup
java.net.NoRouteToHostException: No route to host
        at java.net.PlainSocketImpl.socketConnect(Native Method) [na:1.5.0_16]
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333) [na:1.5.0_16]
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195) [na:1.5.0_16]
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182) [na:1.5.0_16]
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) [na:1.5.0_16]
        at java.net.Socket.connect(Socket.java:520) [na:1.5.0_16]
        at java.net.Socket.connect(Socket.java:470) [na:1.5.0_16]
        at java.net.Socket.<init>(Socket.java:367) [na:1.5.0_16]
        at java.net.Socket.<init>(Socket.java:240) [na:1.5.0_16]
        at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80) [commons-httpclient-3.1.jar:na]
        at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122) [commons-httpclient-3.1.jar:na]
        at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) [commons-httpclient-3.1.jar:na]
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) [commons-httpclient-3.1.jar:na]
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) [commons-httpclient-3.1.jar:na]
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) [commons-httpclient-3.1.jar:na]
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) [commons-httpclient-3.1.jar:na]
        at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata(HTTPMetadataProvider.java:277) [opensaml-2.2.2.jar:na]
        at org.opensaml.saml2.metadata.provider.FileBackedHTTPMetadataProvider.fetchMetadata(FileBackedHTTPMetadataProvider.java:99) [opensaml-2.2.2.jar:na]
...

Any help is very welcome.

regards,
Stéphane Gully

Chad La Joie

Nov 26, 2008, 3:17:49 AM
to shibbole...@internet2.edu
The HTTP providers do not support proxies currently. There is a feature
request for it already:
https://bugs.internet2.edu/jira/browse/SIDP-217

It will likely be supported in 2.2

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch
