Skip to Content.
Sympa Menu

shibboleth-dev - Any thoughts about a status handler?

Subject: Shibboleth Developers

List archive

Any thoughts about a status handler?


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: <>
  • Subject: Any thoughts about a status handler?
  • Date: Wed, 3 Oct 2007 16:25:44 -0400
  • Organization: The Ohio State University

I'm working on some kind of Status/Diagnostic handler for the SP, and I'm
still not sure exactly what would be useful to build. I want something, but
not sure exactly what, so any suggestions would be helpful.

Ideally, I'd like to be able to report statistics of various kinds, but that
may be beyond my ability right now. Still worth hearing what would be useful
though, even if I can't do it yet. (Of course if somebody wants to volunteer
to help, that's fine too.)

Obviously, I'd like as much as possible to be able to have this thing report
back in such a way that if it "worked", you would have some reason to think
the SP was operating well, but that's got some limitations, at least on some
web servers. It is my intent that you'd use it out of the box after install
so that you don't waste time configuring everything else in detail before
you even have it set up and answering to something.

(It will definitely tell you if shibd is up, so no worries there, part of it
will depend on that being available.)

My thought was to have it take some parameters to allow a few different
kinds of status checks, and return XML so that it could return different
information at the same time, partial results, that kind of thing.

Some of the stuff I've thought about:

- basic liveness check, including shibd
- check of back-end cache database, if any
- simple metadata queries to ensure entities and roles are "known" at
runtime
- return settings in effect for particular URLs, in effect testing what the
RequestMap is being told to do
- summarizing configured SSO endpoints

None of that is particularly complicated to do now. Note that a given Status
endpoint would be specific to a given Application, since that's how the
handler mechanism works. So each app you define gets its own by definition.

And yes, there's an acl on it, suggestions whether it should default to
localhost also welcome.

-- Scott





Archive powered by MHonArc 2.6.16.

Top of Page