Recently the AAF has completed building our highly available Metadata distribution service across a number of servers situated throughout Australia.
This article will guide you through the modifications necessary to make your SP utilise this service instead of the older manager[.test].aaf.edu.au URL.
This is a change we recommend you make during a maintenance window. Please contact AAF support if you need any further details.
To get started, locate your Shibboleth SP configuration directory, generally /etc/shibboleth.
Updates for Metadata
- Edit the file shibboleth2.xml
- Find the following within the MetadataProvider tag:
(You might also have metadata.aaf.signed.minimal.xml or metadata.aaf.signed.xml in your URL; these are all roughly equivalent and all need to use the same new URL below.)
- Change this to be:
- Save the file and exit
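Before restarting, one way to confirm that no MetadataProvider in shibboleth2.xml still points at the old manager[.test].aaf.edu.au hosts is the following check. It is an added example, not AAF's or Shibboleth's own tooling; the sample configuration, its URL paths and the metadata.example.org host are constructed placeholders, and the `uri`/`url` attribute names are assumed from Shibboleth SP configuration conventions.

```python
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Old hosts named in the article: manager[.test].aaf.edu.au
OLD_HOSTS = {"manager.aaf.edu.au", "manager.test.aaf.edu.au"}

# Constructed sample, not a real AAF configuration. URL paths and the
# "metadata.example.org" host are placeholders for illustration only.
SAMPLE_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <MetadataProvider type="Chaining">
      <MetadataProvider type="XML"
          uri="https://manager.test.aaf.edu.au/PLACEHOLDER/metadata.aaf.signed.minimal.xml"
          backingFilePath="metadata.aaf.xml" reloadInterval="7200"/>
      <MetadataProvider type="XML"
          uri="https://metadata.example.org/PLACEHOLDER/metadata.aaf.signed.xml"
          backingFilePath="metadata.new.xml" reloadInterval="7200"/>
      <!-- <MetadataProvider type="XML" uri="https://manager.aaf.edu.au/old.xml"/> -->
      <MetadataProvider type="XML" file="local-partner.xml"/>
    </MetadataProvider>
  </ApplicationDefaults>
</SPConfig>"""


def metadata_sources(xml_text):
    """Return the remote URL of every MetadataProvider element, nested ones included."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    urls = []
    for elem in root.iter():
        # Strip the XML namespace: "{urn:...}MetadataProvider" -> "MetadataProvider"
        if elem.tag.rsplit("}", 1)[-1] != "MetadataProvider":
            continue
        # Assumption: the remote location is in "uri" (SP 2.x) or "url" (later releases)
        url = elem.get("uri") or elem.get("url")
        if url:
            urls.append(url)
    return urls


def stale_sources(xml_text):
    """Return the URLs that still point at one of the old manager hosts."""
    return [u for u in metadata_sources(xml_text)
            if (urlparse(u).hostname or "").lower() in OLD_HOSTS]


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    stale = stale_sources(text)
    for url in stale:
        print("still using old metadata host:", url)
    sys.exit(1 if stale else 0)
```

Run it with the path to shibboleth2.xml as the only argument; a non-zero exit status means at least one provider still uses an old host.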
You should now restart your shibd daemon. When it comes back online it will be using the highly available sources for AAF metadata configured above, so the chance of an outage during maintenance windows or unscheduled outages of core AAF services such as Federation Registry is reduced to almost nil.
If you restart shibd and your metadata is not updating, and you are seeing SSL-related errors in shibd's logs, you may need to import the SSL certificate for the Certificate Authority used to sign the certificate on the AAF Distribution Service. On most recent operating system releases, such as Red Hat Enterprise Linux 6, this should not be necessary, but it may be on older operating systems. The process is different for each operating system, so if you encounter such an issue, you should log a support call with AAF support at firstname.lastname@example.org to help you resolve it.