Merge pull request #164 from swedenconnect/feature/IS-160-fail-fast
IS-160 Added fail-fast config setting for metadata providers
martin-lindstrom committed Oct 26, 2023
2 parents 84ed5e6 + b9706bd commit daf1399
Showing 3 changed files with 13 additions and 0 deletions.
1 change: 1 addition & 0 deletions authn/saml/README.md
Expand Up @@ -107,6 +107,7 @@ The [MetadataProviderConfiguration](https://github.com/swedenconnect/signservice
| `file` | A full path to locally stored metadata. Mutually exclusive with `url` above. | - |
| `backup-location` | Optional property. If `url` is assigned, this setting points to a backup file where the downloaded data should be saved. If the `mdq` flag has been set, this property should point to a directory and not a file. | - |
| `mdq` | Optional property. If a metadata URL has been configured, setting this flag means that the metadata [MDQ protocol](https://www.ietf.org/id/draft-young-md-query-17.html) is used. | `false` |
| `fail-fast` | Optional property. Sets whether problems during initialization should cause the provider to fail or go on without metadata. The assumption being that in most cases a provider will recover at some point in the future. | `false` |
| `http-proxy.*` | An optional HTTP proxy configuration. Should be assigned if the service is deployed behind a HTTP proxy. For settings see below. | .
| `additional[]` | A list of additional metadata providers. Using this feature a chained metadata provider will be created where several sources of metadata will be used. | An empty list. |
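Review bot: the new `fail-fast` row does not say which value gives which outcome; "should cause the provider to fail or go on without metadata" leaves the reader to guess that `true` means fail. Suggest wording it as "If `true`, problems during initialization cause the provider to fail; if `false`, it continues without metadata", and noting that with the default `false` the service can come up with no metadata loaded from this provider, so operators know to check for that at startup.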

Expand Up @@ -90,6 +90,14 @@ public class MetadataProviderConfiguration {
@Nullable
private Boolean mdq;

/**
* Sets whether problems during initialization should cause the provider to fail or go on without metadata. The
* assumption being that in most cases a provider will recover at some point in the future. The default is
* {@code false}.
*/
@Nullable
private Boolean failFast;

/**
* If the service is placed behind a HTTP proxy, this setting configures the proxy.
*/
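Review bot: the Javadoc on `failFast` states "The default is {@code false}", but the field is a `@Nullable Boolean` with no initializer, and the following hunk only calls `provider.setFailFastInitialization(...)` when the value is non-null. An unset property therefore leaves whatever the provider itself defaults to, which is not visible in this class. Either say so in the comment (for example "if not set, the provider's own default applies") or make the default explicit here so the documented value cannot drift from the actual one.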
Expand Down Expand Up @@ -164,6 +172,9 @@ else if (StringUtils.isNotBlank(this.file)) {
else {
throw new IllegalArgumentException("Illegal metadata provider configuration - url or file must be set");
}
if (this.failFast != null) {
provider.setFailFastInitialization(this.failFast.booleanValue());
}
provider.setPerformSchemaValidation(false);
provider.initialize();
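Review bot: none of the three changed files is a test, so the new `if (this.failFast != null)` branch is unverified: nothing checks that a configured value reaches `provider.setFailFastInitialization(...)` or that `provider.initialize()` two lines below actually fails when it is `true` and metadata cannot be loaded. Please add a test for the `true`, `false` and unset cases. Minor style point: `this.failFast.booleanValue()` can be just `this.failFast`, since the null check already guards the unboxing.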

1 change: 1 addition & 0 deletions docs/configuration.md
Expand Up @@ -288,6 +288,7 @@ signservice:
url: https://eid.svelegtest.se/metadata/mdx/role/idp.xml
backup-location: ${SIGNSERVICE_HOME}/sandbox-metadata.xml
validation-certificate: classpath:sandbox/sandbox-metadata.crt
fail-fast: true
#
# Both engines use SAML as the authentication handler, and even though each engine
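Review bot: `fail-fast: true` is added to the sample without any comment, and it is the opposite of the documented default `false`, so a reader copying this block changes startup behaviour without being told. Add a comment line above it saying that startup fails if the metadata cannot be initialized, and say how that relates to `backup-location`, which the same sample sets two lines up.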