Metadatatool Memory Problem
The Shibboleth 1.3 identity provider software includes a small Java language application called metadatatool, which is frequently used by sites to refresh their local copies of the UK federation metadata.
The UK federation metadata has grown to a point where, depending on the version of Java your site is running, metadatatool may require more than the default memory provided to Java command-line applications to process. This may result in the generation of "out of memory" or other errors in your periodic refresh tasks, and the failure to download the metadata file. Please note that there is also another different but related memory problem that can result in failure of the Shibboleth identity provider itself; that problem is documented here.
The problem can be addressed by editing the script used to call the metadatatool code; this will normally be in the bin subdirectory of your identity provider installation directory. The last line should be found to begin as follows for a Unix or Linux installation:
$JAVACMD -Djava.endorsed.dirs="$ENDORSED ...
or for a Windows installation:
%JAVACMD% -Djava.endorsed.dirs="$ENDORSED ...
You can increase the amount of memory allocated to the metadatatool application (from the default of 64MB) by inserting an appropriate option after $JAVACMD. For example, to double the amount of memory available to metadatatool in Unix or Linux:
$JAVACMD -Xmx128m -Djava.endorsed.dirs="$ENDORSED ...
and in Windows:
%JAVACMD% -Xmx128m -Djava.endorsed.dirs="$ENDORSED ...
We recommend applying this change whether or not you are currently experiencing problems with metadatatool, as the UK federation metadata is likely to continue to increase in size for the foreseeable future.