Manually managed metadata files and metadata refresh


Mike G.

Nov 21, 2014, 7:58:14 PM
to simple...@googlegroups.com
I understand how/why one uses metarefresh and cron to grab new copies of metadata from URL sources, and load a new copy into the configured directory. But what if one has manually managed metadata files, just managed within SimpleSAML's metadata directory, that one has configured into config.php? In our case, SAMLv2 metadata files, with an enclosing EntitiesDescriptor and several EntityDescriptors within that. What does one need to do in order to get SimpleSAML to see if it needs to reread those files and cache a new version? Is cacheDuration the one thing that causes SimpleSAML to check for an update?


Thijs Kinkhorst

Nov 22, 2014, 12:33:29 PM
to simple...@googlegroups.com
Hi Mike,
simpleSAMLphp's metadata/ directory always contains PHP config files
(saml20-idp-remote.php & friends), never unprocessed XML files.

You can configure them either by hand, or use the "XML to simpleSAMLphp
metadata converter" you will find on the Federation tab of your
simpleSAMLphp install.

They're automatically reread whenever changed.


Cheers,
Thijs


Mike G.

Nov 22, 2014, 2:42:10 PM
to simple...@googlegroups.com
Actually, it works fine to put actual SAMLv2 metadata files in the SSP /metadata directory, and reference them in config.php. I'm doing that now, and it works. But perhaps that is the limitation, that SSP does that "conversion" to the SSP PHP format when it starts up, and then if I change the underlying file it converted from, that doesn't trigger a re-conversion? That an "auto-conversion" only happens on startup? 
 
So if I actually did the conversion myself, and had it configured to read the already converted file rather than the "raw SAMLv2 metadata" file, then it would auto-reread if the timestamp of the resulting PHP config file changes, as per your response?

Dick Visser

Nov 22, 2014, 4:07:20 PM
to simplesamlphp
On 22 November 2014 at 18:33, Thijs Kinkhorst
<thijs.k...@surfnet.nl> wrote:
> Hi Mike,
>
> On 22-11-14 01:58, Mike G. wrote:
>> I understand how/why one uses metarefresh and cron to grab new copies of
>> metadata from URL sources, and load a new copy into the configured
>> directory. But what if one has manually managed metadata files, just
>> managed within SimpleSAML's metadata directory, that one has configured
>> into config.php? In our case, SAMLv2 metadata files, with an enclosing
>> EntitiesDescriptor and several EntityDescriptors within that. What does
>> one need to do in order to get SimpleSAML to see if it needs to reread
>> those files and cache a new version? Is cacheDuration the one thing that
>> causes SimpleSAML to check for an update?
>
> simpleSAMLphp's metadata/ directory always contains PHP config files
> (saml20-idp-remote.php & friends), never unprocessed XML files.

Actually, this is not true, that directory can also hold metadata in XML format:

https://github.com/simplesamlphp/simplesamlphp/blob/master/config-templates/config.php#L583


--
Dick Visser
Sr. System & Networking Engineer
GÉANT Association, Amsterdam Office (formerly TERENA)
Singel 468D, 1017 AW Amsterdam, the Netherlands
Tel: +31 (0) 20 530 4488

GÉANT Association
Networking. Services. People.

Learn more at: http://www.géant.org

Thijs Kinkhorst

Nov 24, 2014, 3:19:07 AM
to simple...@googlegroups.com
On 22-11-14 22:06, Dick Visser wrote:
> Actually, this is not true, that directory can also hold metadata in XML format:
>
> https://github.com/simplesamlphp/simplesamlphp/blob/master/config-templates/config.php#L583

Wow. Learnt something new.


Thijs
