#72 SAML Client installer should not copy IdP metadata
Opened 7 years ago by simo. Modified 5 years ago

The current client installer works by copying the IdP metadata to a static file.
Now that the metadata is regenerated on the fly and has expiration times, the installer should stop copying it and instead configure mod_auth_mellon with the URL where the IdP metadata is exposed, so that it can automatically refresh the metadata as required.

Fields changed

milestone: => 1.0 m3

I don't see any capability for mod_auth_mellon to use a URL for the metadata. The nearest thing I see is the MellonDiscoveryURL directive used for an IdP discovery service, but that is for selecting amongst multiple IdPs:


The consensus upstream is that this is best done by a cronjob. Details are in the mod_mellon mailing list thread here:


design_link: =>

Fields changed

milestone: 1.0 m3 => 1.0

Fields changed

milestone: 1.0 m4 => Backlog

Metadata Update from @nkinder:
- Issue set to the milestone: Backlog

5 years ago
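
The cron-driven refresh suggested in the thread, sketched as an added example (not code from this project or from mod_auth_mellon): it rejects metadata that is malformed, is for the wrong entity, or is past its `validUntil`, and only then swaps the static file atomically. The URL, entity ID and destination path are assumptions supplied by the caller, and XML signature verification is not covered.

```python
# Added example. URL, entity ID and paths are caller-supplied assumptions;
# verifying the metadata's XML signature is out of scope for this sketch.
import os
import tempfile
import urllib.request
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def fetch(url, timeout=10):
    # urllib validates HTTPS certificates by default.
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()

def check_metadata(xml_bytes, entity_id, now=None):
    """Raise ValueError unless this is unexpired IdP metadata for entity_id."""
    now = now or datetime.now(timezone.utc)
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    if root.tag != MD + "EntityDescriptor" or root.get("entityID") != entity_id:
        raise ValueError("not the expected EntityDescriptor")
    if root.find(MD + "IDPSSODescriptor") is None:
        raise ValueError("no IDPSSODescriptor element")
    valid_until = root.get("validUntil")
    if valid_until:
        expires = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        if expires <= now:
            raise ValueError("metadata has already expired")

def install_metadata(xml_bytes, dest, entity_id, now=None):
    """Validate, then atomically replace dest. Returns True if dest changed."""
    check_metadata(xml_bytes, entity_id, now)
    if os.path.exists(dest):
        with open(dest, "rb") as f:
            if f.read() == xml_bytes:
                return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(xml_bytes)
        os.chmod(tmp, 0o644)
        os.replace(tmp, dest)  # atomic on POSIX: no reader sees a partial file
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return True
```

A cron job would pass the result of `fetch()` to `install_metadata()`; the boolean return lets it act only when the file actually changed.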
