If something goes wrong while a potentially breaking change is being pushed through the metadata pipeline, a SAML deployment can temporarily point its metadata refresh process at the fallback aggregate and thereby gain some time while the issue is being addressed.
To leverage the legacy fallback aggregate, change your metadata config from this:
| Code Block |
|---|
| language | xml |
|---|
| title | Pointing to the main production aggregate |
|---|
|
<MetadataProvider id="ICMD" xsi:type="FileBackedHTTPMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
backingFile="%{idp.home}/metadata/InCommon-metadata.xml"> |
to this:
| Code Block |
|---|
| language | xml |
|---|
| title | Pointing to the fallback aggregate |
|---|
|
<MetadataProvider id="ICMD" xsi:type="FileBackedHTTPMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
metadataURL="http://md.incommon.org/InCommon/InCommon-metadata-fallback.xml"
backingFile="%{idp.home}/metadata/InCommon-metadata.xml"> |
Note the above example temporarily points away from the main production aggregate. It’s rarely necessary to fall back from the preview aggregate, which is intended for leading edge systems anyway. Indeed, some breakage is expected in a pre-production environment, by definition.
| Warning |
|---|
| title | The fallback aggregate is transient |
|---|
|
| If you point to the fallback aggregate as documented here, don’t forget to revert to the main production aggregate in a timely manner. The fallback aggregate is intended to be a transient solution. If you never point away from the fallback aggregate, you lose the ability of falling back in the future. |
...