Shibboleth Developers

[Chad La Joie <>]

How are you currently fetching your metadata?  Is it cached somewhere? 
Was that cache updated when you changed the metadata?  The code that 
uses that particular is the ShibbolethTrust code in the common.provider 
package.  You pass in a RoleDescriptor for the entity which is fetched 
from the metadata provider that you have configured.  If the provider is 
caching the data and wasn't updated that would cause the problem.  The 
trust code does not do any caching, so in theory you shouldn't need to 
restart.

Ian Young wrote:
> We had some interesting behaviour the other day when adding a new trust 
> root to our federation metadata.
>
> We've always been able to avoid restarting IdPs when we made changes to 
> the entities in the metadata, but the observation was that an addition 
> to the list of KeyInfo elements in the KeyAuthority extension didn't 
> seem to be picked up until we restarted our IdP.
>
> My recollection of what people have said before was that changes to the 
> metadata didn't require an IdP restart in 1.3.  This is backed up by the 
> wiki page:
>
> https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/IdPProductionConfiguration 
>
>
> or
>
> http://tinyurl.com/l23vk
>
> I tried trawling through the code, but for once I wasn't able to figure 
> out what the actual flow was so that I could track this down definitively.
>
> Is the wiki page right, and we just thought we saw this but the 
> behaviour was really caused by something else?  Or is this an exception 
> to the rule, intentional or otherwise?
>
> Obviously this is not the kind of change that comes up very often, so it 
> isn't a big deal either way.  I just need to understand what is 
> happening, if at all possible.
>
>     -- Ian

--
Chad La Joie             2052-C Harris Bldg
OIS-Middleware           202.687.0124