[satosa-users] metadata management for SATOSA with pyFF

-------- Original Message -------- Subject: Re: [satosa-users] metadata management for SATOSA with pyFF Local Time: October 13, 2017 6:50 PM UTC Time: October 13, 2017 3:50 PM From: niels.vandijk at surfnet.nl To: satosa-users at lists.sunet.se, Scott Koranda <skoranda at gmail.com> Because of how satosa handles metadata, mdq is really the only way of you have more then a handfull of idps. Otherwise the entire list of idps will be parsed on every request.

Niels Sent from my android device. -----Original Message----- From: Scott Koranda <skoranda at gmail.com> To: satosa-users at lists.sunet.se Sent: Fri, 13 Oct 2017 17:46 Subject: [satosa-users] metadata management for SATOSA with pyFF Hi, I am planning to aggregate and manage a couple of different sources of SAML metadata using pyFF to then expose it for consumption by SATOSA. My first thought was to have pyFF dump an XML of the aggregate to the file system and point SATOSA (really pysaml2) at it. But I don't see that the "local" method for SATOSA/pysaml2 to consume metadata ever refreshes what it finds on the file system--it appears to read it once but never again. I need SATOSA to be consuming "fresh" metadata at least every 24 hours. A second option might be to leverage the pysaml2 "loader" functionality and pass in my own callable for reading in the metadata from the file system periodically. But again I don't see that once pysaml2 has the internal representation of the metadata that it would ever invoke my callable again. Is that true? So what I will probably do is operate pyFF as a MDQ server and leverage the pysaml2 "mdq" functionality. How are other SATOSA deployers making sure that SATOSA has "fresh" SAML metadata? Thanks, Scott K