...

In both cases, the value of a response header is used as the value of a subsequent request header. For example, note the Last-Modified and ETag headers in the response to this HEAD request for InCommon metadata:

```bash
$ MD_LOCATION=http://md.incommon.org/InCommon/InCommon-metadata.xml
$ /usr/bin/curl --silent --head $MD_LOCATION
HTTP/1.1 200 OK
Date: Tue, 30 Dec 2014 19:25:39 GMT
Server: Apache
Last-Modified: Mon, 29 Dec 2014 20:24:24 GMT
ETag: "110328-b28945-50b60a9050e00"
Accept-Ranges: bytes
Content-Length: 11700549
Connection: close
Content-Type: application/samlmetadata+xml
```

If we take the value of the Last-Modified header from the previous response as the value of the If-Modified-Since header in the following request, we receive a 304 response (and no content) from the server:

```bash
$ /usr/bin/curl --silent --head $MD_LOCATION \
     --header 'If-Modified-Since: Mon, 29 Dec 2014 20:24:24 GMT'
HTTP/1.1 304 Not Modified
Date: Tue, 30 Dec 2014 19:26:20 GMT
Server: Apache
Connection: close
ETag: "110328-b28945-50b60a9050e00"
```

Similarly, if we take the value of the ETag header from the previous response as the value of the If-None-Match header in the following request, we again receive a 304 response:

```bash
$ /usr/bin/curl --silent --head $MD_LOCATION \
     --header 'If-None-Match: "110328-b28945-50b60a9050e00"'
HTTP/1.1 304 Not Modified
Date: Tue, 30 Dec 2014 19:26:58 GMT
Server: Apache
Connection: close
ETag: "110328-b28945-50b60a9050e00"
```

The use of conditional GET has significant benefits for the client, the server, and the intervening network. On the InCommon metadata server, roughly 3/4 of all metadata requests result in HTTP 304. That translates into many thousands of metadata requests per day that avoid the unnecessary overhead of a metadata refresh. For a file that is more than 11MB and growing, that represents a significant cost savings.

...

Let's use the script to illustrate HTTP conditional GET (as we did with curl above). Here's how to fetch and cache a metadata file:

```bash
$ echo $MD_LOCATION
http://md.incommon.org/InCommon/InCommon-metadata.xml
$ cget.sh -H $MD_LOCATION
HTTP/1.1 200 OK
Date: Tue, 30 Dec 2014 19:28:30 GMT
Server: Apache
Last-Modified: Mon, 29 Dec 2014 20:24:24 GMT
ETag: "110328-b28945-50b60a9050e00"
Accept-Ranges: bytes
Content-Length: 11700549
Connection: close
Content-Type: application/samlmetadata+xml
```

Subsequent requests will produce HTTP 304 responses as long as the metadata file does not change:

```bash
$ cget.sh -H $MD_LOCATION
HTTP/1.1 304 Not Modified
Date: Tue, 30 Dec 2014 19:29:01 GMT
Server: Apache
Connection: close
ETag: "110328-b28945-50b60a9050e00"
```

Later versions of Shibboleth (at least IdP 2.2 and SP 2.4) implement HTTP conditional GET (and more) so the above script is not particularly useful unless you're running something other than Shibboleth. For instance, simpleSAMLphp does everything except HTTP conditional GET, so users of simpleSAMLphp might find the above script useful.
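
The two manual curl requests shown earlier can be combined into a single cached refresh that reuses the saved Last-Modified and ETag values. The following is an added example, not the cget.sh script this page refers to; the function names and the cache file names (metadata.xml, metadata.hdr) are assumptions.

```bash
#!/bin/sh
# Added example, not the cget.sh script referenced on this page.
# Assumed cache layout: DIR/metadata.xml (body), DIR/metadata.hdr (headers
# of the last 200 response). Both file names are hypothetical.

# Print the value of response header NAME (case-insensitive) from FILE.
header_value() {  # usage: header_value NAME FILE
    awk -v name="$1" '
        BEGIN { name = tolower(name) ":" }
        { sub(/\r$/, "") }                      # curl saves headers with CRLF
        index(tolower($0), name) == 1 {
            v = substr($0, length(name) + 1)
            sub(/^[ \t]+/, "", v); print v; exit
        }' "$2"
}

# Emit the conditional request headers for the cached validators, one per line.
conditional_headers() {  # usage: conditional_headers HEADER_FILE
    [ -f "$1" ] || return 0                     # no cache yet: plain GET
    etag=$(header_value ETag "$1")
    lastmod=$(header_value Last-Modified "$1")
    [ -n "$etag" ] && printf 'If-None-Match: %s\n' "$etag"
    [ -n "$lastmod" ] && printf 'If-Modified-Since: %s\n' "$lastmod"
    return 0
}

# Refresh DIR/metadata.xml from URL only if the server copy changed.
# Prints the HTTP status; the cache is replaced only on a complete 200.
cond_get() (  # usage: cond_get URL DIR   (body runs in a subshell)
    url=$1 dir=$2
    set -- --silent --output "$dir/metadata.new" \
           --dump-header "$dir/metadata.hdr.new" --write-out '%{http_code}'
    while IFS= read -r h; do
        [ -n "$h" ] && set -- "$@" --header "$h"
    done <<EOF
$(conditional_headers "$dir/metadata.hdr")
EOF
    status=$(curl "$@" "$url") || status=000    # transfer failed
    if [ "$status" = 200 ]; then
        mv "$dir/metadata.new" "$dir/metadata.xml"
        mv "$dir/metadata.hdr.new" "$dir/metadata.hdr"
    else                                        # 304 or error: keep the cache
        rm -f "$dir/metadata.new" "$dir/metadata.hdr.new"
    fi
    echo "$status"
    [ "$status" = 200 ] || [ "$status" = 304 ]
)
```

Because the download goes to a temporary file and is moved into place only on a 200, a 304 or a failed transfer leaves the previously cached metadata and its validators untouched.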
