The HTTPMetadataProvider and the FileBackedHTTPMetadataProvider load metadata from an HTTP server. Both providers can be configured to periodically check for new metadata and reload it when it has changed; this is done through the so-called reloading attributes.

The FileBackedHTTPMetadataProvider additionally spools the fetched metadata to a local backing file, which serves as a secondary source of metadata. If the remote server is unavailable at startup, the backing file is loaded instead, and every configured filter is run on it exactly as it would be on freshly fetched metadata. If any single filter fails, the backing file is not loaded; if, for example, the signature on the backing file cannot be verified, the load operation fails. In that case IdP startup also fails if both MetadataProvider/@failFastInitialization and the service property idp.service.metadata.failFast are set to true.
The use of the backing file
| Type | Default | Description |
|---|---|---|
| URL | required | The URL that the metadata is served from. |
| Boolean | false | If true, no certificate checking takes place on the TLS connection to the metadata server. Keep this false in production: with it set, an on-path attacker can substitute the metadata in transit, and only a SignatureValidation filter on the metadata itself would catch that. |
| Delay (ISO8601 format) | PT60S (60 seconds) | The maximum amount of time to wait for a connection to be returned from HttpClient's connection pool. |
| Delay (ISO8601 format) | PT60S (60 seconds) | DEPRECATED. |
| Delay (ISO8601 format) | PT60S (60 seconds) | The maximum amount of time to wait to establish a connection with the remote server. |
| Delay (ISO8601 format) | PT60S (60 seconds) | The maximum amount of time to wait between two consecutive packets while reading from the socket connected to the remote server. |
| String | | Hostname of the HTTP proxy through which connections will be made. |
| String | | Port of the HTTP proxy through which connections will be made. |
| String | | Username used with the HTTP proxy through which connections will be made. |
| String | | Password used with the HTTP proxy through which connections will be made. |
| String | | The user name to provide, during basic authentication, when connecting to the remote server. |
| String | | The password to provide, during basic authentication, when connecting to the remote server. |
| | | Specifies the id of a TrustEngine defined elsewhere in the configuration and used to evaluate the metadata server's TLS certificate. The trust engine may be specified either in the custom or in the Spring native bean syntax. |
| Bean reference | | A reference to an externally defined HttpClient bean. This attribute conflicts with and overrides the other HttpClient-related attributes. |
| Bean reference | | A reference to an externally defined Spring bean which specifies an org.opensaml.security.httpclient.HttpClientSecurityParameters instance, consolidating all HTTP security parameters, including advanced TLS usage. It can be used in place of the individual security-related attributes. |
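The TLS-related settings above decide whether the connection to the metadata server is actually authenticated. The metadata-providers.xml fragment below is an added example, not configuration from this page or from the Shibboleth project: it puts the weak setting beside two hardened alternatives. The attribute and element names (metadataURL, disregardTLSCertificate, tlsTrustEngineRef, the security: trust engine types) are those of the Shibboleth IdP configuration schema and should be checked against your IdP version; the id values, URL and file paths are placeholders.

```xml
<!-- WEAK: any certificate the metadata server presents is accepted, so an
     on-path attacker can serve altered metadata. Only the SignatureValidation
     filter on the metadata itself stands between that and the IdP. -->
<MetadataProvider id="FedMetadataWeak" xsi:type="HTTPMetadataProvider"
    metadataURL="https://md.example.org/federation-metadata.xml"
    disregardTLSCertificate="true">
    <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
        certificateFile="%{idp.home}/credentials/federation-signing.crt"/>
</MetadataProvider>

<!-- HARDENED (default): leave disregardTLSCertificate unset, so the server
     certificate is validated against the JVM's trust store. -->
<MetadataProvider id="FedMetadataDefaultTLS" xsi:type="HTTPMetadataProvider"
    metadataURL="https://md.example.org/federation-metadata.xml">
    <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
        certificateFile="%{idp.home}/credentials/federation-signing.crt"/>
</MetadataProvider>

<!-- HARDENED (pinned): the server certificate must match an explicitly
     configured trust engine, independent of the JVM trust store. -->
<MetadataProvider id="FedMetadataPinnedTLS" xsi:type="HTTPMetadataProvider"
    metadataURL="https://md.example.org/federation-metadata.xml"
    tlsTrustEngineRef="MetadataServerTLSTrust">
    <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
        certificateFile="%{idp.home}/credentials/federation-signing.crt"/>
</MetadataProvider>

<!-- Trust engine referenced above, in the custom (non-Spring) syntax: a static
     explicit-key engine holding the metadata server's TLS certificate.
     Placeholder id and path; the same engine could be declared as a Spring bean. -->
<TrustEngine id="MetadataServerTLSTrust" xsi:type="security:StaticExplicitKey"
    xmlns:security="urn:mace:shibboleth:2.0:security">
    <security:Credential xsi:type="security:X509Filesystem">
        <security:Certificate>%{idp.home}/credentials/md-server-tls.crt</security:Certificate>
    </security:Credential>
</TrustEngine>
```

Pinning through a trust engine is worthwhile when the metadata server's certificate chain is not one you want the whole JVM to trust, or when the federation publishes the server certificate out of band. Whichever variant is used, the SignatureValidation filter remains the control that authenticates the metadata content itself; TLS only protects its transport.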
FILE BACKED PROVIDER ONLY

| Type | Default | Description |
|---|---|---|
| File specification | required | Specifies where the backing file is located. If the remote server is unavailable at startup, the backing file is loaded. |
| Boolean | true | Flag indicating whether initialization should first attempt to load metadata from the backing file, if present. If true, the foreground initialization loads the backing file, and a refresh from the remote HTTP server is scheduled on a background thread after a configured delay. This can improve IdP startup time when the remote metadata file is large. |
| Delay (ISO8601 format) | PT5S (5 seconds) | Delay after which to schedule the first HTTP refresh when initialized from the backing file. |
Note that HTTP caching is a caching layer inside the HttpClient. It acts independently of the caching-like behaviour of the FileBackedHTTPMetadataProvider's backing file.

| Type | Default | Description |
|---|---|---|
| | none | Specifies whether caching is to be performed by the HttpClient and, if so, where: in memory or on disk (file). Cannot be specified by a property. |
| | | The maximum number of responses to cache. |
| | memory: 1048576 (1MB); file: 10485760 (10MB) | The maximum response body size which may be cached, in bytes. |
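The following fragment brings the backing-file, fail-fast and HttpClient caching settings described on this page together in one provider. It is an added example, not configuration taken from this page or shipped by the Shibboleth project. The attribute names (backingFile, initializeFromBackupFile, backupFileInitNextRefreshDelay, failFastInitialization, httpCaching, httpMaxCacheEntries, httpMaxCacheEntrySize, and the refresh and timeout attributes) are those of the Shibboleth IdP configuration schema and should be checked against your IdP version; the URL, ids, paths and the numeric values are placeholders chosen for illustration.

```xml
<!-- Example FileBackedHTTPMetadataProvider: remote source with a spooled
     local copy, strict startup, and a small in-memory HttpClient cache. -->
<MetadataProvider id="FedMetadata" xsi:type="FileBackedHTTPMetadataProvider"
    metadataURL="https://md.example.org/federation-metadata.xml"
    backingFile="%{idp.home}/metadata/federation-metadata-backup.xml"

    initializeFromBackupFile="true"
    backupFileInitNextRefreshDelay="PT5S"

    failFastInitialization="true"

    minRefreshDelay="PT5M"
    maxRefreshDelay="PT4H"

    connectionTimeout="PT30S"
    socketTimeout="PT30S"

    httpCaching="memory"
    httpMaxCacheEntries="10"
    httpMaxCacheEntrySize="1048576">

    <!-- Filters run on whichever source is loaded, the backing file included.
         A backing file whose signature no longer verifies is rejected outright,
         so a tampered or truncated spool file cannot be used to seed the IdP. -->
    <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
        certificateFile="%{idp.home}/credentials/federation-signing.crt"/>

    <!-- Refuse metadata that is not bounded by a validUntil within two weeks;
         this also bounds how long a stale backing file can keep being accepted. -->
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D"/>
</MetadataProvider>
```

With failFastInitialization="true" here and idp.service.metadata.failFast=true in idp.properties, an IdP that can load neither the remote metadata nor a backing file that passes every filter refuses to start, rather than coming up without this federation's metadata. The httpCaching settings only govern the HttpClient's response cache and have no effect on when the backing file is written or read.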