
shibboleth-dev - Re: More defined custom extensions mechanism

Subject: Shibboleth Developers


Re: More defined custom extensions mechanism


  • From: Tom Scavo <>
  • To: Scott Cantor <>
  • Cc: Chad La Joie <>, Walter Hoehn <>, Shibboleth Developers <>, Von Welch <>
  • Subject: Re: More defined custom extensions mechanism
  • Date: Wed, 6 Jul 2005 14:19:35 -0400

On 7/6/05, Scott Cantor <> wrote:
> > ...
> > the metadata and gridmap files must be stored in a home directory
> > known only to GridShib (otherwise we run the risk of some process
> > clobbering them).
>
> Why can't they go in <SHIB-HOME>/etc with everything else we install for
> permanent isolation?

Because $SHIB_HOME$ (now $IDP_HOME$) is volatile, that is, it can be
deleted by the build script.

> One of my concerns is that we take more steps to
> prevent the installer from clobbering anything in there, so once we do that,
> couldn't your files be copied into etc/ when the installer copies all the
> other base files in?

That's a possibility, yes. I guess it depends on what steps you're
willing to take to protect the contents of etc/. Personally, I would
never delete that directory or overwrite anything in it, even if an
interactive user says "yes" to the prompt. It's just too easy to
shoot yourself in the foot.

> After an initial install, that's end of game. You've got no business messing
> with my config at that point anyway, so I think it's questionable that this
> buys you much, but assuming it does, I would think we could have another
> folder that contains the files to move into etc/

You convinced me earlier that mods to the IdP config are a one-time
operation, period. Thanks for straightening me out on that, and we've
adjusted our strategy accordingly. However, mods to the metadata file
and the gridmap files are ongoing. AFAIK such changes will have
little or no effect on a running IdP.

We will supply tools to manage the metadata file and the gridmap
files. (Presumably these tools will be stored in $IDP_HOME$/bin.)
Initially, the tools will be simple scripts (if anything) that copy
the metadata file and/or the gridmap files into the tomcat webapp
directory. For this to work, the scripts will need access to
build.properties, specifically, ${tomcat.home} and ${idp.webapp.name}.
So this raises two additional questions:

1) Can an extension have a bin/ directory, which is automatically
copied over into the $IDP_HOME$/bin directory?

2) Can a script in $IDP_HOME$/bin have access to build.properties?

I can see some problems with the latter, but how else will scripts in
$IDP_HOME$ know where the webapp is?

Thanks,
Tom
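
Added example, not part of the original message or of any Shibboleth or GridShib code: one way a script in `$IDP_HOME$/bin` could read `tomcat.home` and `idp.webapp.name` from build.properties and copy a file into the webapp without leaving a half-written copy. The function names, the `RELDIR` argument and the `${tomcat.home}/webapps/${idp.webapp.name}` layout are assumptions.

```shell
#!/bin/sh
# get_prop FILE KEY: print KEY's value from a Java-style properties file.
# Handles "key=value" and "key = value", skips # and ! comment lines.
# Simplification: no line continuations, escapes or ":" separators.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { val = v; found = 1 }   # last definition wins
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# webapp_dir PROPS: print the webapp directory, assumed to be
# ${tomcat.home}/webapps/${idp.webapp.name}.
webapp_dir() {
    th=$(get_prop "$1" tomcat.home) || { echo "tomcat.home not set in $1" >&2; return 1; }
    wn=$(get_prop "$1" idp.webapp.name) || { echo "idp.webapp.name not set in $1" >&2; return 1; }
    [ -n "$th" ] || { echo "tomcat.home is empty" >&2; return 1; }
    # The webapp name must be a single path component, so a bad value
    # cannot redirect the copy outside webapps/.
    case "$wn" in
        */*|..|.|"") echo "bad idp.webapp.name: $wn" >&2; return 1 ;;
    esac
    printf '%s/webapps/%s\n' "$th" "$wn"
}

# install_file SRC PROPS RELDIR: copy SRC into RELDIR under the webapp.
# Writes to a temp file in the target directory, then renames it, so a
# reader never sees a partial file and a failed copy leaves the old one.
install_file() {
    base=$(webapp_dir "$2") || return 1
    dest=$base/$3
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    tmp=$(mktemp "$dest/.tmp.XXXXXX") || return 1   # created with mode 0600
    cp "$1" "$tmp" && mv -f "$tmp" "$dest/$(basename "$1")" || { rm -f "$tmp"; return 1; }
}
```

Because `mktemp` creates the file with mode 0600, adjust the mode before the rename if Tomcat runs as a different user than the script.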


