Uploaded image for project: 'OpenSAML - C++'
  1. OpenSAML - C++
  2. CPPOST-97

skip signature check on cached copy of verified metadata at restart

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6.0
    • Component/s: Metadata
    • Labels:
      None
    • Operating System:
      Multiple
    • CPU Type:
      Multiple
    • C/C++ Compiler:
      Multiple
    • Web Server:
      Multiple

      Description

      The signature filter for an XML metadata provider can take a relatively long time to complete for large metadata feeds such as the InCommon metadata feed now that it contains eduGAIN, and that delay can be problematic at startup time.

      This RFE would change the shibd so that once a signature filter is successfully applied to an XML metadata provider with a 'url' option the file pointed to by 'backingFilePath' is marked as "trusted" and during a restart that local file can be read first with other filters applied but
      not the signature filter.

      The idea being that I trust my local file system to preserve the bits well enough that I do not need to check the signature again on a restart, only on subsequent downloads.

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            scott.koranda@ligo.org Scott Koranda
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 5 hours, 55 minutes
                5h 55m