Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
The fallback aggregate has been deprecated
InCommon maintained a "fallback" metadata aggregate in the event a breaking change to the metadata scheme was published and caused unforeseen issues with one or more metadata clients. In the event that InCommon operations needs to make a change to metadata schema that could negatively impact clients, we would create an "on-demand" instance of our metadata pipeline (likely a copy of the previous version of production with a different signing key) to allow for a temporary fallback.
This wiki topic shows how to leverage the fallback aggregate, an important fail-safe component of the pipeline of metadata aggregates.
If something goes wrong while a potentially breaking change is pushed through the metadata pipeline, a production SAML deployment can temporarily point its metadata refresh process at the fallback aggregate and thereby gain some time while the issue is being addressed. To determine if a metadata migration is in progress, consult the online diff between the fallback aggregate and the main production aggregate. Of course if the two are the same, pointing away from one toward the other will have no effect.
To leverage the legacy fallback aggregate, change your metadata config from this:
Code Block | ||||
---|---|---|---|---|
| ||||
<MetadataProvider id="ICMD" xsi:type="FileBackedHTTPMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
backingFile="%{idp.home}/metadata/InCommon-metadata.xml"> |
to this:
Code Block | ||||
---|---|---|---|---|
| ||||
<MetadataProvider id="ICMD" xsi:type="FileBackedHTTPMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
metadataURL="http://md.incommon.org/InCommon/InCommon-metadata-fallback.xml"
backingFile="%{idp.home}/metadata/InCommon-metadata.xml"> |
Note the above configuration temporarily points away from the main production aggregate. It’s rarely necessary to fall back from the preview aggregate, which is intended for leading edge systems where some breakage is expected by definition.
title | The fallback aggregate is intended to be a transient solution |
---|
Related content
Content by Label | ||||||||
---|---|---|---|---|---|---|---|---|
|
Get help
Can't find what you are looking for?
Button Hyperlink | ||||||||
---|---|---|---|---|---|---|---|---|
|