siterefresh(1)

NAME

siterefresh - Maintains metadata files referenced by shibboleth.xml.

SYNOPSIS

siterefresh --url <URL> --out <pathname> [--noverify] [--cert
<pathname>] [--schema <pathname>] [--rootns <XML Namespace>]
[--rootname <XML element name>]

DESCRIPTION

siterefresh is a simple tool used to maintain metadata files referenced by shibboleth.xml. It returns 0 only on success and a negative
number on failure, and logs errors to stderr. If the data in the new
metadata file is unusable, schema-invalid, or carries an invalid signature, the existing copy is kept and not overwritten. The SP stats all metadata
files each time the data is used, allowing it to detect and use
updates in real time during system operation.

OPTIONS

siterefresh takes the following command-line options.

--url URL
Specifies the URL of the remote metadata file with which to update the local file. https:// is not supported at this time.
--out pathname
Specifies the local file to which to write the new metadata.
--noverify
Explicitly disables the requirement for the file to be signed and
allows the certificate parameter to be omitted. If the file is
signed, the signature is verified using whatever key is
supplied inside it, and an invalid signature still results in
an error. If the file is unsigned or has a valid signature,
only a warning is logged, and the result is success. Because the
key comes from the file itself, this check does not establish who
signed the file.
--cert pathname
Specifies the location of a certificate stored in PEM format used
to validate the signature of the metadata file. Since much of
Shibboleth's security flows from metadata files, this should always be used when possible, and the certificate used should be verified independently in some out-of-band fashion.
--schema pathname
Optionally defines a base path for schemas to use when validating
the file. Defaults to a location based on the installation path on Unix, or \opt\shibboleth\etc\shibboleth on Windows.
--rootns XML namespace
Optionally defines the XML namespace of the root element expected
in the new file. Normally unused, provided to support alternative
metadata formats that may be backported to older releases.
--rootname XML element name
Optionally defines the name of the root element expected in the new file. Normally unused, provided to support alternative metadata
formats that may be backported to older releases.

EXAMPLES

A complete command issued to siterefresh might take the form:
/opt/shibboleth/bin/siterefresh --out IQ-sites.xml --cert inqueue.pem \
--url http://wayf.internet2.edu/InQueue/IQ-sites.xml
It is recommended that a similar command be added to a crontab to keep the metadata files refreshed. Frequent updates will improve the
security of an installation by providing immediate notification in case a federation member becomes compromised.
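
A cron wrapper along the lines recommended above, as an added example that is not part of the Shibboleth distribution: it refuses to run if the signing certificate no longer matches a digest recorded when the certificate was verified out of band, never passes --noverify, and reports a failed refresh. The function names, the SITEREFRESH variable, the use of sha256sum and the pin placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example: cron wrapper for siterefresh. Function names, the SITEREFRESH
# variable and the pin placeholder are assumptions, not part of Shibboleth.
SITEREFRESH="${SITEREFRESH:-/opt/shibboleth/bin/siterefresh}"

# cert_pin_ok CERT SHA256
# Succeeds only if the PEM file's SHA-256 equals the digest recorded when the
# certificate was verified out of band (assumes sha256sum from coreutils).
cert_pin_ok() {
    [ -r "$1" ] && [ -n "$2" ] || return 1
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# refresh_metadata URL OUT CERT SHA256
# Returns 0 on a verified refresh, 3 if the certificate pin does not match
# (siterefresh is not run), 1 if siterefresh itself reports failure.
refresh_metadata() {
    url=$1; out=$2; cert=$3; pin=$4
    if ! cert_pin_ok "$cert" "$pin"; then
        echo "refresh: $cert does not match the pinned digest; not refreshing" >&2
        return 3
    fi
    # The URL is fetched over plain http (https is not supported), so the
    # signature check against --cert is what authenticates the file.
    # --noverify is never passed.
    sr_rc=0
    "$SITEREFRESH" --url "$url" --out "$out" --cert "$cert" || sr_rc=$?
    if [ "$sr_rc" -ne 0 ]; then
        # siterefresh keeps the existing copy on failure; surface it to cron mail.
        echo "refresh: siterefresh failed (status $sr_rc); existing $out kept" >&2
        return 1
    fi
    return 0
}

# Called from the script that cron runs, for example:
#   refresh_metadata http://wayf.internet2.edu/InQueue/IQ-sites.xml \
#       IQ-sites.xml inqueue.pem '<sha256-recorded-out-of-band>'
```

A non-zero return from refresh_metadata means the SP is still running on the previous metadata, so repeated failures are worth alerting on.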

AUTHORS

siterefresh is part of the Internet2 Shibboleth project written by
Scott Cantor <cantor.2@osu.edu>.

COPYRIGHT AND LICENSE

Copyright 2005, 2006 Internet2/MACE

This program is free software; you may redistribute it and/or modify it under the terms of the Apache 2.0 License
<http://www.apache.org/licenses>.