Details
- Story
- Resolution: Done
- Minor
R5 - 11/29: Comp Meta Provider, MVP 3 - 8/9 - 8/23, MVP 3 - 8/23 - 8/30, Release 5: 11/1 to 11/15, Release 5 - 12/13 Beg Del Adm:
Description
Implement the front end functionality and interaction with the back end for the FileSystemMetadataProvider.
Requirements/Acceptance Criteria:
Wizard
Wizard Navigation
Navigation consists of two actions, Back and Next.
- If the Metadata Provider Add form is displayed, there is no Back action and clicking the Next action will display the Common Attributes Add Form.
- If the Common Attributes Add Form is displayed, clicking the Back action will display the Metadata Provider Add Form or clicking the Next action will display the Dynamic Attributes Add Form.
- If the Dynamic Attributes Add Form is displayed, clicking the Back action will display the Common Attributes Add Form or clicking the Next action will display the HTTP Attributes Add Form.
- If the HTTP Attributes Add Form is displayed, clicking the Back action will display the Dynamic Attributes Add Form or clicking the Next action will display the Metadata Filter Plugins Add Form.
- If the Metadata Filter Plugins Add Form is displayed, clicking the Back action will display the HTTP Attributes Add Form or clicking the Next action will display the Finish Summary Form.
- If the Finish Summary Form is displayed, clicking the Back action will display the Metadata Filter Plugins Add Form and there is no available Next action.
Add Metadata Provider Form
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
Metadata Provider Name | 'Metadata Provider Name (Dashboard Display Only) *' | Text box | | Required | Metadata Provider Name |
Metadata Provider Type | 'Metadata Provider Type *' | Selection List Contains: * FileBackedHttpMetadataProvider | | Required | Metadata Provider Type |
Common Attributes Add Form
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
ID | ID *** | Text box | | Required | Identifier for logging, identification for command line reload, etc. |
Metadata URL | Metadata URL *** | Text box | | Required | The URL identifier for the metadata file to be loaded |
Require Valid Metadata | Require Valid Metadata? | Boolean | True | | Whether candidate metadata found by the resolver must be valid in order to be returned (where validity is implementation specific, but in SAML cases generally depends on a validUntil attribute). If this flag is true, then invalid candidate metadata will not be returned. |
Fail Fast Initialization | Fail Fast Initialization? | Boolean | True | | Whether to fail initialization of the underlying MetadataResolverService (and possibly the IdP as a whole) if the initialization of a metadata provider fails. When false, the IdP may start, and will continue to attempt to reload valid metadata if configured to do so, but operations that require valid metadata will fail until it does. |
Dynamic Attributes Add Form
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
Refresh Delay Factor | Refresh Delay Factor | Text box | | Numeric. Must be between 0.0 and 1.0, not including '0.0' or '1.0' | A factor applied to the initially determined refresh time in order to determine the next refresh time (typically to ensure refresh takes place prior to the metadata's expiration). Attempts to refresh metadata will generally begin around the product of this number and the maximum refresh delay. |
Min Cache Duration | Min Cache Duration | List Selection containing: * PT0S | | | The minimum duration for which metadata will be cached before it is refreshed. |
Max Cache Duration | Max Cache Duration | List Selection containing: * PT0S | | | The maximum duration for which metadata will be cached before it is refreshed. |
Max Idle Entity Data | Max Idle Entity Data | List Selection containing: * PT0S | | | The maximum duration for which metadata will be allowed to be idle (no requests for it) before it is removed from the cache. |
Remove Idle Entity Data | Remove Idle Entity Data? | Boolean | True | | Flag indicating whether idle metadata should be removed. |
Cleanup Task Interval | Cleanup Task Interval | List Selection containing: * PT0S | | | The interval at which the internal cleanup task should run. This task performs background maintenance tasks, such as the removal of expired and idle metadata. |
Persistent Cache Manager Directory | Persistent Cache Manager Directory | Bean Id | | | The optional manager for the persistent cache store for resolved metadata. On metadata provider initialization, data present in the persistent cache will be loaded to memory, effectively restoring the state of the provider as closely as possible to that which existed before the previous shutdown. Each individual cache entry will only be loaded if 1) the entry is still valid as determined by the internal provider logic, and 2) the entry passes the (optional) predicate supplied via initializationFromCachePredicateRef. |
Initialize from Persistent Cache | Initialize from Persistent Cache in Background? | Boolean | True | | Flag indicating whether to initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times. |
Background Initialization from Cache Delay | Background Initialization from Cache Delay | Selection list - including: * PT0S | | | The delay after which to schedule the background initialization from the persistent cache when initializeFromPersistentCacheInBackground=true. |
Special Processing:
- If Initialize from Persistent Cache in Background? is false, Background Initialization from Cache Delay is not available for entry.
Metadata Filter Plugins Add Form
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
Max Validity Interval | Max Validity Interval | Text box | | | Defines the window within which the metadata is valid. |
Require Signed Root | Require Signed Root? | Checkbox | Checked | | If true, this fails to load metadata with no signature on the root XML element. |
Certificate File | Certificate File | Text area | | Must be in approved format defined in MVP1 | A key used to verify the signature. Conflicts with trustEngineRef and both of the child elements. |
Retained Role | Retained Role | Selection List containing - 0 or more | | | The textual content is the XML QName of the role to be retained. Note that property replacement cannot be used on this element. |
Remove Roleless Entity Descriptors | Remove Roleless Entity Descriptors? | Checkbox | Checked | | Controls whether to keep entity descriptors that contain no roles. Note: If this attribute is set to false, the resulting output may not be schema-valid since an <md:EntityDescriptor> element must include at least one role descriptor. |
Remove Empty Entity Entities Descriptors | Remove Empty Entity Entities Descriptors? | Checkbox | Checked | | Controls whether to keep entities descriptors that contain no entity descriptors. Note: If this attribute is set to false, the resulting output may not be schema-valid since an <md:EntitiesDescriptor> element must include at least one child element, either an <md:EntityDescriptor> element or an <md:EntitiesDescriptor> element. |
Finish Summary
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
Save | Save | Icon - Clickable | | | |
Enable Metadata Provider | Enable Metadata Provider? | Checkbox | | | If checkbox is clicked, the metadata provider is enabled for integration with the IdP |
Creation Choice | Creation Choice | Icon - Clickable | | | |
Metadata Provider Name | Metadata Provider Name (Dashboard Display Only) | Text only | Displays value assigned | | |
Metadata Provider Type | Metadata Provider Type | Text only | DynamicHTTPMetadataProvider | | |
Enable this Service | Enable this Service? | Text only | If originally checked, display yes. If originally not checked, display no. | | |
Common Attributes | Common Attributes | Icon - Clickable | | | |
ID | ID | Text only | Displays value assigned | | |
Metadata URL | Metadata URL | Text only | Displays value assigned | | |
Require Valid Metadata | Require Valid Metadata? | Text only | If originally checked, display True. If originally not checked, display False. | | |
Fail Fast Initialization | Fail Fast Initialization? | Text only | If originally checked, display True. If originally not checked, display False. | | |
Dynamic Attributes Title | Dynamic Attributes | Icon - Clickable | | | |
Refresh Delay Factor | Refresh Delay Factor | Text only | Displays value assigned/selected | | |
Min Cache Duration | Min Cache Duration | Text only | Displays value selected | | |
Max Cache Duration | Max Cache Duration | Text only | Displays value selected | | |
Max Idle Entity Data | Max Idle Entity Data | Text only | Displays value selected | | |
Cleanup Task Interval | Cleanup Task Interval | Text only | Displays value selected | | |
Persistent Cache Manager Directory | Persistent Cache Manager Directory | Text only | Displays value assigned | | |
Initialize from Persistent Cache in Background | Initialize from Persistent Cache in Background? | Text only | If originally checked, display True. If originally not checked, display False. | | |
Background Initialization from Cache Delay | Background Initialization from Cache Delay | Text only | Displays value assigned | | |
Metadata Provider Updates
Metadata Provider Update
Actions
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
Save | Save Changes | Button - Clickable | | | |
Cancel | Cancel | Button - Clickable | | | |
Tabs
Five tabs are included: Common Attributes, Dynamic Attributes, HTTP Attributes, Metadata Filter Plugins and Filter List.
- If the Common Attributes - Edit form is displayed, the Common Attributes tab is highlighted and not clickable, the Dynamic Attributes, HTTP Attributes, Metadata Filter Plugins and Filter List tabs are not highlighted and are clickable.
- If the Dynamic Attributes - Edit form is displayed, the Dynamic Attributes tab is highlighted and not clickable, the Common Attributes, HTTP Attributes, Metadata Filter Plugins and Filter List tabs are not highlighted and are clickable.
- If the HTTP Attributes - Edit form is displayed, the HTTP Attributes tab is highlighted and not clickable, the Common Attributes, Dynamic Attributes, Metadata Filter Plugins and Filter List tabs are not highlighted and are clickable.
- If the Metadata Filter Plugins - Edit form is displayed, the Metadata Filter Plugins tab is highlighted and not clickable, the Common Attributes, Dynamic Attributes, HTTP Attributes and Filter List tabs are not highlighted and are clickable.
Common Attributes - Edit
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
Metadata Provider Name | Metadata Provider Name (Dashboard Display Only) * | Text box | | Required | Metadata Provider Name |
Metadata Provider Type | Metadata Provider Type * | Selection List - non-clickable * FileBackedHttpMetadataProvider | DynamicHTTPMetadataProvider | Required | Metadata Provider Type |
Enable Metadata Provider | Enable Metadata Provider? | Checkbox | | | If checkbox is clicked, the metadata provider is enabled for integration with the IdP |
ID | ID *** | Text box | | Required | Identifier for logging, identification for command line reload, etc. |
Metadata URL | Metadata URL *** | Text box | Displays value assigned | Required | The URL identifier for the metadata file to be loaded |
Require Valid Metadata | Require Valid Metadata? | Boolean | If True was originally checked, set True to on. If False was originally checked, set False to on. | | Whether candidate metadata found by the resolver must be valid in order to be returned (where validity is implementation specific, but in SAML cases generally depends on a validUntil attribute). If this flag is true, then invalid candidate metadata will not be returned. |
Fail Fast Initialization | Fail Fast Initialization? | Boolean | If True was originally checked, set True to on. If False was originally checked, set False to on. | | Whether to fail initialization of the underlying MetadataResolverService (and possibly the IdP as a whole) if the initialization of a metadata provider fails. When false, the IdP may start, and will continue to attempt to reload valid metadata if configured to do so, but operations that require valid metadata will fail until it does. |
Dynamic Attributes - Edit
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
Refresh Delay Factor | Refresh Delay Factor | Text box | Value previously selected or entered | Numeric. Must be between 0.0 and 1.0, not including '0.0' or '1.0' | A factor applied to the initially determined refresh time in order to determine the next refresh time (typically to ensure refresh takes place prior to the metadata's expiration). Attempts to refresh metadata will generally begin around the product of this number and the maximum refresh delay. |
Min Cache Duration | Min Cache Duration | List Selection containing: * PT0S | Value previously selected | | The minimum duration for which metadata will be cached before it is refreshed. |
Max Cache Duration | Max Cache Duration | List Selection containing: * PT0S | Value previously selected | | The maximum duration for which metadata will be cached before it is refreshed. |
Max Idle Entity Data | Max Idle Entity Data | List Selection containing: * PT0S | Value previously selected | | The maximum duration for which metadata will be allowed to be idle (no requests for it) before it is removed from the cache. |
Cleanup Task Interval | Cleanup Task Interval | List Selection containing: * PT0S | Value previously selected | | The interval at which the internal cleanup task should run. This task performs background maintenance tasks, such as the removal of expired and idle metadata. |
Persistent Cache Manager Directory | Persistent Cache Manager Directory | Bean Id | Value previously saved | | The optional manager for the persistent cache store for resolved metadata. On metadata provider initialization, data present in the persistent cache will be loaded to memory, effectively restoring the state of the provider as closely as possible to that which existed before the previous shutdown. Each individual cache entry will only be loaded if 1) the entry is still valid as determined by the internal provider logic, and 2) the entry passes the (optional) predicate supplied via initializationFromCachePredicateRef. |
Initialize from Persistent Cache | Initialize from Persistent Cache in Background? | Boolean | If True was originally checked, set True to on. If False was originally checked, set False to on. | | Flag indicating whether to initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times. |
Background Initialization from Cache Delay | Background Initialization from Cache Delay | Selection list - including: * PT0S | PT2S | | The delay after which to schedule the background initialization from the persistent cache when initializeFromPersistentCacheInBackground=true. |
Special Processing:
- If Initialize from Persistent Cache in Background? is false, Background Initialization from Cache Delay is not available for entry.
HTTP Attributes - Edit
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
Disregard TLS Certificate | Disregard TLS Certificate? | Boolean | If True was originally checked, set True to on. If False was originally checked, set False to on. | | If true, no TLS certificate checking will take place over an HTTPS connection. This attribute is incompatible with httpClientRef. (Be careful with this setting, it is typically only used during testing. See the HttpClientConfiguration topic for more information.) |
Locked | Locked | Slide bar | Locked | | |
Max Connections Total | Max Connections Total | Enterable list - containing: 0 to 100 | 100 | | The maximum total number of simultaneous connections allowed by the HTTP client's connection pool manager. This attribute is incompatible with httpClientRef. |
Max Connections Per Route | Max Connections Per Route | Enterable list - containing: 0 to 100 | 100 | | The maximum number of simultaneous connections per route allowed by the HTTP client's connection pool manager. This attribute is incompatible with httpClientRef. |
Supported Content Types | Supported Content Types | List of Strings (comma-separated) | "application/samlmetadata+xml, application/xml, text/xml" | | The MIME types supported by this provider when requesting metadata from the HTTP server. The Content-Type response header is validated against this list. This value cannot be specified as a bean property. |
Connect Request Timeout | Connect Request Timeout | Enterable List of Duration containing: * PT0S | | | The maximum amount of time to wait for a connection to be returned from the HTTP client's connection pool manager. Set to PT0S to disable. This attribute is incompatible with httpClientRef. |
Connection Timeout | Connection Timeout | Enterable List of Duration containing: * PT0S | | | The maximum amount of time to wait to establish a connection with the remote server. Set to PT0S to disable. This attribute is incompatible with httpClientRef. |
Socket Timeout | Socket Timeout | Enterable List of Duration containing: * PT0S | | | The maximum amount of time to wait between two consecutive packets while reading from the socket connected to the remote server. Set to PT0S to disable. This attribute is incompatible with httpClientRef. |
Proxy Host | Proxy Host | String | | | The hostname of the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef. |
Proxy Port | Proxy Port | String | | | The port of the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef. |
Proxy User | Proxy User | String | | | The username used with the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef. |
Proxy Password | Proxy Password | String | | | The password used with the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef. |
HTTP Caching | HTTP Caching? | String | | Valid values are 'none', 'file' or 'memory' | The type of low-level HTTP caching to perform. There are three choices: * “none” indicates the HTTP response is not cached by the client library. This attribute is incompatible with httpClientRef and its value may not be specified as a bean property. Some metadata providers, most notably the reloading "batch-oriented" providers, implement HTTP caching at a higher layer and tend to work best with httpCaching="none". |
HTTP Cache Directory | HTTP Cache Directory | String | | | If httpCaching="file", this attribute specifies where retrieved files are to be cached. This attribute is incompatible with httpClientRef. |
HTTP Max Cache Entries | HTTP Max Cache Entries | Integer | | If HTTP Caching = 'memory', must be 50. If HTTP Caching = 'file', must be 100. | The maximum number of responses written to cache. This attribute is incompatible with httpClientRef. |
HTTP Max Cache Entry Size | HTTP Max Cache Entry Size | Integer | | If HTTP Caching = 'memory', must be 1048576 (1MB). If HTTP Caching = 'file', must be 10485760 (10MB). | The maximum response body size that may be cached, in bytes. This attribute is incompatible with httpClientRef. |
Special Processing:
- If Locked is slid to the unlocked position, all fields will be opened for entry
- If HTTP Caching is 'file', HTTPCacheDirectory will require a value to be entered
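The Validation and Special Processing rules from the Dynamic Attributes and HTTP Attributes edit forms above, collected into one front-end check. This is an added example, not code from the ticket or the project; the form-model property names are assumptions, as is the duration pattern (ISO 8601 values of the PT0S form, limited to days, hours, minutes and seconds).

```javascript
// Added example, not project code. Property names are assumed form-model keys.
const HTTP_CACHING_MODES = ['none', 'file', 'memory'];
// Values the HTTP Attributes table requires for each caching mode.
const CACHE_LIMITS = {
  memory: { httpMaxCacheEntries: 50, httpMaxCacheEntrySize: 1048576 },
  file: { httpMaxCacheEntries: 100, httpMaxCacheEntrySize: 10485760 },
};
const DURATION_FIELDS = [
  'minCacheDuration', 'maxCacheDuration', 'maxIdleEntityData', 'cleanupTaskInterval',
  'backgroundInitializationFromCacheDelay',
  'connectionRequestTimeout', 'connectionTimeout', 'socketTimeout',
];
// Assumption: durations are ISO 8601 strings such as PT0S or PT2S (D/H/M/S parts only).
const DURATION = /^P(?=\d|T\d)(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+(\.\d+)?S)?)?$/;

const isSet = (v) => v !== undefined && v !== null && v !== '';

function validateProviderForm(form) {
  const errors = [];
  const warnings = [];

  // Refresh Delay Factor: numeric, between 0.0 and 1.0, excluding both ends.
  if (isSet(form.refreshDelayFactor)) {
    const factor = Number(form.refreshDelayFactor);
    if (!Number.isFinite(factor) || factor <= 0 || factor >= 1) {
      errors.push('refreshDelayFactor: must be numeric, between 0.0 and 1.0 exclusive');
    }
  }

  for (const name of DURATION_FIELDS) {
    if (isSet(form[name]) && !DURATION.test(form[name])) {
      errors.push(`${name}: not an ISO 8601 duration such as PT0S`);
    }
  }

  // Special Processing: the delay is not available when background init is false.
  if (form.initializeFromPersistentCacheInBackground === false &&
      isSet(form.backgroundInitializationFromCacheDelay)) {
    errors.push('backgroundInitializationFromCacheDelay: not available when ' +
      'Initialize from Persistent Cache in Background? is false');
  }

  if (isSet(form.httpCaching)) {
    if (!HTTP_CACHING_MODES.includes(form.httpCaching)) {
      errors.push("httpCaching: valid values are 'none', 'file' or 'memory'");
    }
    // Special Processing: 'file' caching requires a cache directory.
    if (form.httpCaching === 'file' && !isSet(form.httpCacheDirectory)) {
      errors.push("httpCacheDirectory: required when httpCaching is 'file'");
    }
    const limits = CACHE_LIMITS[form.httpCaching] || {};
    for (const [name, expected] of Object.entries(limits)) {
      if (isSet(form[name]) && Number(form[name]) !== expected) {
        errors.push(`${name}: must be ${expected} when httpCaching is '${form.httpCaching}'`);
      }
    }
  }

  // The help text marks this as a testing-only setting, so surface it before save.
  if (form.disregardTLSCertificate === true) {
    warnings.push('disregardTLSCertificate: no TLS certificate checking will take ' +
      'place over HTTPS; typically only used during testing');
  }
  return { errors, warnings };
}
```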
Metadata Filter Plugins - Edit
Field | Label | Field Type | Default Value | Validation | Help Text |
---|---|---|---|---|---|
Max Validity Interval | Max Validity Interval | Text box | Displays value previously assigned | | Defines the window within which the metadata is valid. |
Require Signed Root | Require Signed Root? | Checkbox | If previously checked, show as checked. If previously unchecked, show as unchecked. | | If true, this fails to load metadata with no signature on the root XML element. |
Certificate File | Certificate File | Text area | Display value previously assigned. | Must be in approved format defined in MVP1 | A key used to verify the signature. Conflicts with trustEngineRef and both of the child elements. |
Retained Role | Retained Role | Selection List containing - 0 or more | Display value previously selected | | The textual content is the XML QName of the role to be retained. Note that property replacement cannot be used on this element. |
Remove Roleless Entity Descriptors | Remove Roleless Entity Descriptors? | Checkbox | If previously checked, show as checked. If previously unchecked, show as unchecked. | | Controls whether to keep entity descriptors that contain no roles. Note: If this attribute is set to false, the resulting output may not be schema-valid since an <md:EntityDescriptor> element must include at least one role descriptor. |
Remove Empty Entity Entities Descriptors | Remove Empty Entity Entities Descriptors? | Checkbox | If previously checked, show as checked. If previously unchecked, show as unchecked. | | Controls whether to keep entities descriptors that contain no entity descriptors. Note: If this attribute is set to false, the resulting output may not be schema-valid since an <md:EntitiesDescriptor> element must include at least one child element, either an <md:EntityDescriptor> element or an <md:EntitiesDescriptor> element. |