siterefresh
Language: en
Version: 2008-10-15 (debian - 07/07/09)
Section: 1 (User commands)
NAME
siterefresh - Maintains metadata files referenced by shibboleth.xml.
SYNOPSIS
siterefresh --url <URL> --out <pathname> [--noverify] [--cert <pathname>] [--schema <pathname>] [--rootns <XML Namespace>] [--rootname <XML element name>]
DESCRIPTION
siterefresh is a simple tool used to maintain metadata files referenced by shibboleth.xml. It returns 0 only on success and a negative number on failure, and logs errors to stderr. If the data in the new metadata file is unusable, schema invalid, or the signature is invalid, the existing copy is kept and not overwritten. The SP stats all metadata files each time the data is used, allowing it to detect and utilize updates in real time during system operation.
OPTIONS
siterefresh takes the following command-line options.
- --url URL
- Specifies the URL of the remote metadata file with which to update the local file. https:// is not supported at this time.
- --out pathname
- Specifies the local file to which to write the new metadata.
- --noverify
- Explicitly disables the requirement for the file to be signed and allows the certificate parameter to be omitted. If the file is signed, the signature will be verified using whatever key is supplied inside it, and an invalid signature will still result in an error. If the file is unsigned or has a valid signature, only a warning will be logged, and the result will be success.
- --cert pathname
- Specifies the location of a certificate stored in PEM format used to validate the signature of the metadata file. Since much of Shibboleth's security flows from metadata files, this should always be used when possible, and the certificate used should be verified independently in some out-of-band fashion.
- --schema pathname
- Optionally defines a base path for schemas to use when validating the file. Defaults to a location based on the installation path on Unix, or \opt\shibboleth\etc\shibboleth on Windows.
- --rootns XML namespace
- Optionally defines the XML namespace of the root element expected in the new file. Normally unused, provided to support alternative metadata formats that may be backported to older releases.
- --rootname XML element name
- Optionally defines the name of the root element expected in the new file. Normally unused, provided to support alternative metadata formats that may be backported to older releases.
EXAMPLES
A complete command issued to siterefresh might take the form:

    /opt/shibboleth/bin/siterefresh --out IQ-sites.xml --cert inqueue.pem \
        --url http://wayf.internet2.edu/InQueue/IQ-sites.xml

It is recommended that a similar command be added to a crontab to keep the metadata files refreshed. Frequent updates will improve the security of an installation by providing immediate notification in case a federation member becomes compromised.
AUTHORS
siterefresh is part of the Internet2 Shibboleth project written by Scott Cantor <cantor.2@osu.edu>.
COPYRIGHT AND LICENSE
Copyright 2005, 2006 Internet2/MACE
This program is free software; you may redistribute it and/or modify it under the terms of the Apache 2.0 License <http://www.apache.org/licenses>.