The Shibboleth IdP V4 software will leave support on September 1, 2024.

MetadataProviderHTTPAttributes

Owned by Scott Cantor
Last updated: Apr 24, 2023

The following attributes are common to all HTTP metadata providers (i.e., https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631638 https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631639

An HTTP metadata provider includes a default implementation of the org.apache.http.client.HttpClient interface. The attributes in the following subsections control the behavior of the default HTTP client. In most cases, the default behavior is sufficient.

To override the default client implementation, configure the following attribute:

Name

Type

Description

Name

Type

Description

httpClientRef

Bean ID

A reference to an externally defined Spring bean that specifies an org.apache.http.client.HttpClient object. This attribute conflicts with and overrides all of the other HTTP attributes. See the HttpClientConfiguration topic for more information.

Use of the httpClientRef attribute precludes the use of any and all of the HTTP attributes in the following subsections.

The following attributes apply to the HTTP connections obtained and managed by an HTTP metadata provider:

Name

Type

Default

Description

Name

Type

Default

Description

connectionRequestTimeout

Duration

Depends on provider type

The maximum amount of time to wait for a connection to be returned from the HTTP client's connection pool manager. Set to PT0S to disable.

connectionTimeout

Duration

Depends on provider type

The maximum amount of time to wait to establish a connection with the remote server. Set to PT0S to disable.

socketTimeout

Duration

Depends on provider type

The maximum amount of time to wait between two consecutive packets while reading from the socket connected to the remote server. Set to PT0S to disable.

The following security-related attributes apply to any HTTP metadata provider:

Name

Type

Default

Description

Name

Type

Default

Description

disregardTLSCertificate

Boolean

false

If true, no TLS certificate checking will take place over an HTTPS connection.

Be careful with this setting, it is typically only used during testing. See the HttpClientConfiguration topic for more information.

httpClientSecurityParametersRef

Bean ID

 

A reference to an externally defined Spring bean that specifies an HttpClientSecurityParameters instance, which consolidates all HTTP security parameters including advanced TLS usage.

This attribute conflicts with and overrides any explicit TrustEngine implementation configured as an inline <TLSTrustEngine> element. See the HttpClientConfiguration topic for more information.

The following attributes configure an HTTP proxy for use with an HTTP metadata provider:

Name

Type

Description

Name

Type

Description

proxyHost

String

The hostname of the HTTP proxy through which connections will be made

proxyPort

String

The port of the HTTP proxy through which connections will be made

proxyUser

String

The username used with the HTTP proxy through which connections will be made

proxyPassword

String

The password used with the HTTP proxy through which connections will be made