
This wiki topic shows how to leverage the fallback aggregate, an important fail-safe component of the pipeline of metadata aggregates.

If something goes wrong while a potentially breaking change is being pushed through the metadata pipeline, a production SAML deployment can temporarily point its metadata refresh process at the fallback aggregate, gaining some time while the issue is addressed. To determine whether a metadata migration is in progress, consult the online diff between the fallback aggregate and the main production aggregate. Of course, if the two are the same, pointing away from one toward the other will have no effect.
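The comparison described above can also be run locally on two downloaded copies of the aggregates. The following is an added example, not InCommon's own tooling: it diffs two aggregates per entityID, and the function names and the sp-*.example.org sample entities are assumptions constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def entity_digests(aggregate_xml):
    """Map each entityID to a SHA-256 over its canonicalized EntityDescriptor."""
    digests = {}
    for ent in ET.fromstring(aggregate_xml).iter(MD + "EntityDescriptor"):
        # C14N removes differences in prefixes, attribute order and whitespace.
        c14n = ET.canonicalize(ET.tostring(ent, encoding="unicode"),
                               strip_text=True, rewrite_prefixes=True)
        digests[ent.get("entityID")] = hashlib.sha256(c14n.encode()).hexdigest()
    return digests

def diff_aggregates(main_xml, fallback_xml):
    """Classify entityIDs: only in main, only in fallback, or changed."""
    main, fb = entity_digests(main_xml), entity_digests(fallback_xml)
    return {
        "only_in_main": sorted(main.keys() - fb.keys()),
        "only_in_fallback": sorted(fb.keys() - main.keys()),
        "changed": sorted(e for e in main.keys() & fb.keys() if main[e] != fb[e]),
    }

def fallback_differs(diff):
    """False means the aggregates are equivalent, so falling back changes nothing."""
    return any(diff.values())

def sample_aggregate(entities):
    """Constructed, minimal aggregate (not schema-complete) from (entityID, ACS URL) pairs."""
    body = "".join(
        f'<md:EntityDescriptor entityID="{eid}"><md:SPSSODescriptor>'
        f'<md:AssertionConsumerService Location="{acs}" index="1"/>'
        f'</md:SPSSODescriptor></md:EntityDescriptor>'
        for eid, acs in entities)
    return ('<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">'
            f'{body}</md:EntitiesDescriptor>')

# Constructed sample data standing in for the two downloaded aggregates.
MAIN = sample_aggregate([("https://sp-a.example.org/sp", "https://sp-a.example.org/acs"),
                         ("https://sp-b.example.org/sp", "https://sp-b.example.org/acs-new"),
                         ("https://sp-c.example.org/sp", "https://sp-c.example.org/acs")])
FALLBACK = sample_aggregate([("https://sp-a.example.org/sp", "https://sp-a.example.org/acs"),
                             ("https://sp-b.example.org/sp", "https://sp-b.example.org/acs"),
                             ("https://sp-d.example.org/sp", "https://sp-d.example.org/acs")])

if __name__ == "__main__":
    result = diff_aggregates(MAIN, FALLBACK)
    for kind, ids in result.items():
        print(kind, ids)
    print("fallback differs from main:", fallback_differs(result))
```

The digests compare entity content only; they say nothing about authenticity, so each aggregate's signature should still be validated before the copies are trusted.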

To leverage the legacy fallback aggregate, change your metadata config from this:

Pointing to the main production aggregate
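<MetadataProvider id="ICMD" xsi:type="FileBackedHTTPMetadataProvider"
   xmlns="urn:mace:shibboleth:2.0:metadata"
   metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
   backingFile="%{idp.home}/metadata/InCommon-metadata.xml">
   <!-- child elements of your existing configuration, such as metadata filters, are omitted here and stay unchanged -->
</MetadataProvider>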

to this:

Pointing to the fallback aggregate
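<MetadataProvider id="ICMD" xsi:type="FileBackedHTTPMetadataProvider"
   xmlns="urn:mace:shibboleth:2.0:metadata"
   metadataURL="http://md.incommon.org/InCommon/InCommon-metadata-fallback.xml"
   backingFile="%{idp.home}/metadata/InCommon-metadata.xml">
   <!-- child elements of your existing configuration, such as metadata filters, are omitted here and stay unchanged -->
</MetadataProvider>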

Note that the above configuration temporarily points away from the main production aggregate. It’s rarely necessary to fall back from the preview aggregate, which is intended for leading-edge systems where some breakage is expected by definition.

The fallback aggregate is intended to be a transient solution

If you point to the fallback aggregate as documented on this page, don’t forget to revert to the main production aggregate in a timely manner. The fallback aggregate is intended to be a transient solution. If you never point away from the fallback aggregate, you lose the ability to fall back in the future.