From: cantor
Date: Wed, 16 Jul 2003 15:46:05 +0000 (+0000)
Subject: Added docs for MySQL cache.
X-Git-Tag: 2.4~2218
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fsp.git;a=commitdiff_plain;h=88b9b0c98bd027729fbbb0f2bdfa9d86b9d3b682

Added docs for MySQL cache.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@642 cb58f699-b61c-0410-a6fe-9272a202ed29
---

diff --git a/doc/DEPLOY-GUIDE-TARGET.html b/doc/DEPLOY-GUIDE-TARGET.html
index c5d0bcc..d8f9a09 100644
--- a/doc/DEPLOY-GUIDE-TARGET.html
+++ b/doc/DEPLOY-GUIDE-TARGET.html
@@ -302,6 +302,7 @@ tarball for your operating system.

Acceptance Policies
  • Using Attributes in Applications
  • siterefresh
  • +
  • MySQL Session Cache
  • @@ -407,15 +408,16 @@ requesting attributes.

    1.d. Federations

    -

    A federation provides part of the underlying trust required for function - of the Shibboleth architecture. A federation in the context of Shibboleth is - a group of organizations(universities, corporations, content providers, - etc.) who agree to exchange attributes using the SAML/Shibboleth protocols - and abide by a common set of policies and practices. In so doing, they must - implicitly or explicitly agree to a common set of guidelines. Joining a - federation is not explicitly necessary for operation of Shibboleth, but it - dramatically expands the number of targets and origins that can interact - without defining bilateral agreements between all these parties.

    +

    A federation is one way to provide part of the underlying trust required + for function of the Shibboleth architecture. A federation in the context of + Shibboleth is a group of organizations(universities, corporations, content + providers, etc.) who agree to exchange attributes using the SAML/Shibboleth + protocols and abide by a common set of policies and practices. In so doing, + they must implicitly or explicitly agree to a common set of guidelines. + Joining a federation is not explicitly necessary for operation of + Shibboleth, but it dramatically expands the number of targets and origins + that can interact without defining bilateral agreements between all these + parties.

    A federation can be created in a variety of formats and trust models, but to support Shibboleth, it must provide a certain set of services to federation members. It needs to supply a registry to process applications to @@ -1248,8 +1250,8 @@ most minor "letter" updates should be usable.

    that must elapse between user accesses before that user's session is destroyed, including the associated handle and all cached attributes. Defaults to 28800 seconds, or 8 hours. This - should be longer than the associated server's settings for session - lifetime and timeout. + should generally be longer than the associated server's settings for + session lifetime and timeout.
    logger = <pathname>
    Specifies the location of the log4cpp configuration file for Shibboleth events produced by the @@ -1329,6 +1331,18 @@ most minor "letter" updates should be usable.

    settings, as well as the Apache ShibMapAttribute command.
    +

    The [extensions:saml] section specifies a set + of extension libraries to load that add additional functionality to the + system. Examples include session cache implementations, such as the MySQL + cache, or advanced metadata providers.

    +

    [extensions:saml]:

    +
    +
    <name> = <library pathname> +
    +
    The name of the extension is simply a unique key and + is not important. The path to the library to load must be absolute and + complete.
    +

    The [policies] section contains the policy URI values that control acceptance of assertions from origin sites. This may eventually have multiple elements associated it for targets that are members @@ -1812,6 +1826,44 @@ most minor "letter" updates should be usable.

    command could be run very often without impacting target operations, providing a high degree of currency in case sites become compromised.

    +

    4.h. MySQL Session Cache

    +
    +

    Shibboleth includes a useful plugin that extends the default memory cache + for storing session data in the SHAR with a backing cache using an embedded + MySQL database. In most distributions, it is enabled by default. The plugin + can be found in the /opt/shibboleth/libexec + folder, and is loaded as an extension library using the + [extensions:saml] section of shibboleth.ini. + The following configuration options are available:

    +
    +
    mysql-cache-timeout = + <seconds>    (in [shar] section)
    +
    Specifies the duration in + seconds that must elapse between user accesses before that user's + session is purged from the persistent cache. Defaults to + 28800 seconds, or 8 hours. This should + generally be longer than the associated server's settings for session + lifetime and timeout, and the memory cache's timeout.
    +
    <MySQL Arguments>    + (one per line in [mysql] section)
    +
    To pass arguments to the MySQL engine, create + argument lines in the [mysql] section in the + form: +
    +

    arg1=<argument>
    + arg2=<argument>
    + etc...

    +
    +

    Important arguments you'll find by default include:

    +
    +

    arg1 = --language=/opt/shibboleth/share/english
    + arg2 = --datadir=/opt/shibboleth/data

    +
    +

    which set the message file path and the location of the cache's + database files respectively. Make sure the data directory exists before + starting the SHAR if you change this path.

    +
    +
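Review bot: in the hunk at @@ -407,15 +408,16 @@ (1.d. Federations), the rewritten paragraph keeps "organizations(universities" with no space before the parenthesis; since every line of the paragraph is being re-wrapped anyway, fix it here. The new opening "A federation is one way to provide part of the underlying trust" also implies alternatives that the paragraph only hints at in its last sentence ("bilateral agreements"); consider naming that alternative up front so the two sentences agree.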
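Review bot: in the hunk at @@ -1248,8 +1250,8 @@, changing "should be longer" to "should generally be longer" softens the guidance without saying when a shorter value is acceptable. Either state the exception or keep the firm wording; the same phrase is reused for mysql-cache-timeout later in this patch, so the two should be settled together.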
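Review bot: in the hunk at @@ -1329,6 +1331,18 @@, the [extensions:saml] description gives only the template "<name> = <library pathname>" and no concrete entry, so a reader cannot tell what the line that loads the MySQL cache looks like; add one example using the library's real filename. Because each listed path is loaded as a library, the text should also say that shibboleth.ini and the referenced files must be writable only by the administrator, and what happens when a listed library cannot be loaded.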
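Review bot: in the hunk at @@ -1812,6 +1826,44 @@ (4.h. MySQL Session Cache), the note on --datadir says only "Make sure the data directory exists", although this directory now holds persisted session data; document the owner and permissions it needs so that only the account running the SHAR can read it. The "arg1=", "arg2=" form also leaves open whether the keys must be numbered consecutively or are arbitrary names, and the section never shows the [extensions:saml] line that enables the plugin it says is found in /opt/shibboleth/libexec.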