MetadataManager should refresh provider list

    Hello,
    I have an SP that defines a single metadata provider within its metadata bean.
    This provider retrieves my federation metadata, which contains, in a single XML file, the metadata of every entity within the federation, SP and IdP metadata included.

    Problems come if, during my SP startup, the federation metadata is unavailable because the server is offline (i.e. an HTTP 404 when calling http://federationURL/metadata); in that scenario MetadataManager ignores my metadata provider and never refreshes metadata from this provider during its refresh task (this is because the refreshMetadata method is only called if setRefreshRequired returns true).

    This is what my bean definition looks like:


    Code:
        <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
            <constructor-arg>
                <list>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                        <constructor-arg>
                            <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                                <!-- URL containing the metadata -->
                                <constructor-arg>
                                    <value type="java.lang.String">http://federationURL/metadata</value>
                                </constructor-arg>
                                <!-- Connection timeout for a metadata request (in ms) -->
                                <constructor-arg>
                                    <value type="int">60000</value>
                                </constructor-arg>
                                <!-- <constructor-arg>
                                    <value type="java.lang.String">/tmp/federation.xml</value>
                                </constructor-arg> -->
                                <property name="parserPool" ref="parserPool" />
                            </bean>
                        </constructor-arg>
                        <constructor-arg>
                            <map>
                                <entry key="urn:my-sp-entityID">
                                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                                        <property name="local" value="true"/>
                                        <property name="alias" value="my-alias"/>
                                        <property name="securityProfile" value="pkix" />
                                        <property name="sslSecurityProfile" value="pkix"/>
                                        <property name="signingKey" value="skey"/>
                                        <property name="encryptionKey" value="ekey"/>
                                        <property name="requireArtifactResolveSigned" value="true"/>
                                        <property name="requireLogoutRequestSigned" value="true"/>
                                        <property name="requireLogoutResponseSigned" value="false"/>
                                        <property name="idpDiscoveryEnabled" value="false"/>
                                    </bean>
                                </entry>
                                <entry key="urn:idp-entityID">
                                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
                                </entry>
                            </map>
                        </constructor-arg>
                    </bean>
                </list>
            </constructor-arg>
            <!-- OPTIONAL used when one of the metadata files contains information about this service provider -->
            <!-- <property name="hostedSPName" value=""/> -->
            <property name="hostedSPName" value="urn:my-sp-entityID"/>
            <!-- OPTIONAL property: can tell the system which IDP should be used for authenticating user by default. -->
            <property name="defaultIDP" value="urn:idp-entityID" />
            <!-- Metadata refresh interval (in ms) -->
            <property name="refreshCheckInterval" value="10000"/>
        </bean>
    Can you please give me some tips on how to manage this scenario? I've tried FileBackedHTTPMetadataProvider, but the result is the same if I do not already have a backup file in place.

    What do you think about forcing a refreshMetadata() call inside MetadataManager during the refresh task if getProviders() has zero length?

    Something like:

    Code:
        // Proposed change to the RefreshTask inner class of MetadataManager: when no provider
        // survived the last refresh, force refreshMetadata() so the available providers are retried.
        private class RefreshTask extends TimerTask {

            @Override
            public void run() {

                try {

                    log.trace("Executing metadata refresh task");

                    // Invoking getMetadata performs a refresh in case it's needed
                    // Potentially expensive operation, but other threads can still load existing cached data
                    for (MetadataProvider provider : getProviders()) {
                        provider.getMetadata();
                    }

                    // Proposed addition: no provider initialized successfully, so request a full refresh
                    if (getProviders().isEmpty()) {
                        setRefreshRequired(true);
                    }

                    // Refresh the metadataManager if needed
                    if (isRefreshRequired()) {
                        refreshMetadata();
                    }

                } catch (Throwable e) {
                    log.warn("Metadata refreshing has failed", e);
                }

            }

        }
    Thank you,
    Marco
    Last edited by 101000; May 29th, 2014, 09:36 AM.
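Editor's note, as an added example that is not part of the original post and not the project's own documentation: the behaviour described above follows from OpenSAML 2's AbstractMetadataProvider, whose failFastInitialization flag defaults to true. With fail-fast on, a 404 on the first fetch makes initialize() throw, and Spring Security SAML's MetadataManager logs the failure and leaves that provider out of the list it refreshes, so the patch to RefreshTask is needed to ever get it back. With fail-fast off, initialize() returns normally with empty metadata, the provider keeps retrying on its own timer (minRefreshDelay apart), and when a fetch finally succeeds the provider fires a change event that MetadataManager observes and answers with setRefreshRequired(true), so the manager re-parses it without any change to RefreshTask. The configuration below is the poster's bean with that change applied, plus a backup file (the poster's commented-out third constructor argument, moved to FileBackedHTTPMetadataProvider) and signature verification for the plain-HTTP fetch; the backup path, the retry delay and the "federation-signing-key" alias are assumptions for illustration.

```xml
<!-- Added example (not the original poster's configuration): the same
     CachingMetadataManager, but the remote provider is told not to fail fast.
     Backup path, retry delay and key alias are illustrative assumptions. -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.FileBackedHTTPMetadataProvider">
                        <!-- URL containing the federation metadata -->
                        <constructor-arg>
                            <value type="java.lang.String">http://federationURL/metadata</value>
                        </constructor-arg>
                        <!-- Request timeout (in ms) -->
                        <constructor-arg>
                            <value type="int">60000</value>
                        </constructor-arg>
                        <!-- Backup file: written after each successful fetch, read when the server
                             is down at startup. Assumed path; must be writable by the application. -->
                        <constructor-arg>
                            <value type="java.lang.String">/var/cache/saml/federation.xml</value>
                        </constructor-arg>
                        <property name="parserPool" ref="parserPool"/>
                        <!-- Default is true: a 404 on the first fetch makes initialize() throw and
                             MetadataManager drops the provider. With false the provider initializes
                             empty and keeps retrying on its own timer until the fetch succeeds. -->
                        <property name="failFastInitialization" value="false"/>
                        <!-- Retry sooner than OpenSAML's 5-minute default while metadata is missing (ms) -->
                        <property name="minRefreshDelay" value="60000"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <map>
                        <entry key="urn:my-sp-entityID">
                            <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                                <property name="local" value="true"/>
                                <property name="alias" value="my-alias"/>
                                <property name="securityProfile" value="pkix"/>
                                <property name="sslSecurityProfile" value="pkix"/>
                                <property name="signingKey" value="skey"/>
                                <property name="encryptionKey" value="ekey"/>
                                <property name="requireArtifactResolveSigned" value="true"/>
                                <property name="requireLogoutRequestSigned" value="true"/>
                                <property name="requireLogoutResponseSigned" value="false"/>
                                <property name="idpDiscoveryEnabled" value="false"/>
                            </bean>
                        </entry>
                        <entry key="urn:idp-entityID">
                            <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
                        </entry>
                    </map>
                </constructor-arg>
                <!-- The document arrives over plain HTTP, so whoever controls that URL (or the path
                     to it) can otherwise decide which IdP this SP trusts: require a signature and
                     verify it against the federation's key. "federation-signing-key" is an assumed
                     alias in the SP's KeyManager keystore. -->
                <property name="metadataRequireSignature" value="true"/>
                <property name="metadataTrustCheck" value="true"/>
                <property name="metadataTrustedKeys">
                    <set>
                        <value>federation-signing-key</value>
                    </set>
                </property>
            </bean>
        </list>
    </constructor-arg>
    <property name="hostedSPName" value="urn:my-sp-entityID"/>
    <property name="defaultIDP" value="urn:idp-entityID"/>
    <!-- How often MetadataManager checks whether any provider has changed (in ms) -->
    <property name="refreshCheckInterval" value="10000"/>
</bean>
```

Two caveats when running this way. First, until the first successful fetch the SP is up but degraded: the IdP and the hosted SP's own descriptor are unknown, so every SSO attempt fails, and a readiness check should treat an empty metadata.getIDPEntityNames() as "not ready" rather than relying on the context having started. Second, once a backup file exists the SP will start from it during an outage, which is exactly what FileBackedHTTPMetadataProvider is for, but the file then carries the federation's trust decisions, so it needs the same file permissions as the keystore and the signature check above still applies to its contents.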