When configuring a saml2 frontend or backend plugin with remote
metadata (url, cert) will that metadata be automatically regularly
refreshed from the configured url?

If yes, is the purpose of the metadata reload endpoint (which can be
enabled with enable_metadata_reload) solely to reload that metadata
immediately instead of automatically refreshing it later?
(I.e., nice to have but not essential.)

If no, does that mean I'll always have to set enable_metadata_reload
to a truthy value *and* protect that URL with web server ACLs (to
avoid having my service DoS'ed remotely by triggering reload of remote
metadata) *and* have to implement a cronjob or systemd timer that
regularly accesses the metadata reload endpoint?

I don't find anything that would trigger automatic metadata refresh in
satosa, so I guess that must come from pysaml2. There's a statement
in pysaml2/docs/howto/config.rst about metadata refresh when using MDQ
but nothing about aggregates (metadata.remote.url).

I see a reload() function defined in pysaml2/src/saml2/mdstore.py but
I basically only see that being used in saml2.Entity and the changelog
for 7.1.1 says "This method is to be externally invoked".

Any pointers?

-peter