Architecture
In the test architecture, we deploy 2 node groups, one on SURF VM infrastructure and one on GRnet infrastructure. All components in a node have public DNS records, under the control of service-specific DNS configuration (see later).
Each node group consists of at least 4 functional components, which are deployed as Docker containers to simplify roll-out:
- the Signer node, which is responsible for signing entity metadata
A Signer delivers signed entity metadata upon request from the Delivery node. The Signer will hold an in-memory cache of signed entities. The Signer obeys SAML metadata rules to decide if re-signing is needed.
If so configured, a Signer may use a Signing Backend system to handle the actual signing of metadata.
A node will only have 1 Signer node
- the Delivery node