Hi All,
I've installed the 2.1 IDP with the view to migrating from 1.3
in the near future. It seems
to run fine in general but every now and again it takes 10-30 seconds
for the IDP to respond to
a new authentication request.
Looking at the logs, this seems to correspond to cached metadata
expiring. I've tested this by
periodically testing access to the idp before and after the expiry time
and the hang in the browser
corresponds to the period after "Converting DOM to a string" in the logs.
Should the ukfederation metadata be expiring this often and if so how
would I configure shibboleth
to grab a new copy automatically? Otherwise can I give it a greater TTL
as it were so that it's refreshed
before it expires.
Cheers,
Duncan
12:58:58.940 - DEBUG
[org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:200] - Cached
metadata is stale, refreshing
12:58:58.941 - DEBUG
[org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:228] -
Refreshing cache of metadata from URL
http://metadata.ukfederation.org.uk/ukfederation-metadata.xml, max cache
duration set to 2880 seconds
12:58:58.942 - DEBUG
[org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:271] -
Fetching metadata document from remote server
12:59:01.460 - DEBUG
[org.opensaml.xml.signature.impl.SignatureUnmarshaller:55] - Starting to
unmarshall Apache XML-Security-based SignatureImpl element
12:59:01.461 - DEBUG
[org.opensaml.xml.signature.impl.SignatureUnmarshaller:61] -
Constructing Apache XMLSignature object
12:59:01.462 - DEBUG
[org.opensaml.xml.signature.impl.SignatureUnmarshaller:67] - Adding
canonicalization and signing algorithms, and HMAC output length to Signature
12:59:01.463 - DEBUG
[org.opensaml.xml.signature.impl.SignatureUnmarshaller:74] - Adding
KeyInfo to Signature
12:59:07.537 - DEBUG
[org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:284] -
Unmarshalled metadata from remote server
12:59:07.539 - DEBUG
[org.opensaml.saml2.metadata.provider.FileBackedHTTPMetadataProvider:106]
- Writting retrieved metadata to backup file
/usr/local/shibboleth-2.1/metadata/ukfederation-metadata.xml
12:59:07.539 - DEBUG
[org.opensaml.saml2.metadata.provider.FileBackedHTTPMetadataProvider:158]
- Converting DOM to a string
12:59:25.307 - DEBUG
[org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:233] -
Calculating expiration time
12:59:25.462 - DEBUG
[org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:236] -
Metadata cache expires on 2009-09-07T13:47:25.309+01:00
--
The University of St Andrews is a charity registered in Scotland : No SC013532
|