IdP - EntityAttributes - Predicate - Regex filter for federation SPs

Martin Lunze martin.lunze at tu-dresden.de
Fri Jul 13 07:47:16 EDT 2018


Hi Scott,

thanks again for your answer.

I have changed my config now to use one single 
LocalDynamicMetadataProvider instead of one separate 
FilesystemMetadataProvider for every SP.

>         <MetadataProvider id="LOCALMD"
>                 xsi:type="LocalDynamicMetadataProvider"
>                 sourceDirectory="%{idp.home}/metadata/local">
>                 <MetadataFilter xsi:type="EntityAttributes">
>                         <saml:Attribute
>                                 Name="https://tu-dresden.de/entity-type"
>                                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>                                 <saml:AttributeValue>https://tu-dresden.de/entity-type/local</saml:AttributeValue>
>                         </saml:Attribute>
>                         <ConditionRef>always-true</ConditionRef>
>                 </MetadataFilter>
>         </MetadataProvider>

Works great and should be a bit less work for me in the future, because 
I do not have to write all the necessary config when a new SP appears.
I still save its metadata in the directory and give the file the name of 
the SHA1 hash of the corresponding entityID.

Still looks a bit strange, all these hashes in the directory :-)

With kind regards

Martin Lunze


On 25.04.2018 at 15:46, Cantor, Scott wrote:
>> At the moment I add every local SP with a single
>> FilesystemMetadataProvider.
>> Unfortunately I have no local metadata administration tool or
>> web service to manage all our local metadata files.
> That's no problem, just tag them via a filter the same way you were going to with eduGAIN.
>
>> Can you think of a solution to add such a tag in a flexible way to every
>> MetadataProvider with an ID beginning with "LOCALMD-.*"?
>> Or do I have to add the entityAttributeFilter to every MetadataProvider?
> Oh, you mean you have *every* SP loaded independently? Don't do that. Rename them all to a file named after the entityID hash and then load them all with one LocalDynamic resolver.
>
> -- Scott
>

-- 
Martin Lunze
IT-Systemadministrator

Technische Universität Dresden
Zentrum für Informationsdienste und Hochleistungsrechnen (ZIH)
Operative Prozesse und Systeme (OPS)
01062 Dresden

Tel.: +49 (351) 463-35881
E-Mail: martin.lunze at tu-dresden.de

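The file-naming rule that makes the LocalDynamicMetadataProvider above work (lowercase hex SHA-1 of the entityID plus ".xml", the provider's documented default; the suffix is an assumption if the resolver is configured with a different sourceSuffix) is easy to get subtly wrong by hand, for example by hashing the entityID with a trailing newline from `echo`. The added script below is not part of the mailing-list thread or of the Shibboleth project: it reads an SP's metadata file, refuses anything that is not a single md:EntityDescriptor (the EntityAttributes filter in this config tags every file in the directory as "local", so a stray EntitiesDescriptor or unrelated XML must not land there), derives the hash name from the entityID exactly as given, and writes the file into the source directory. The sample SP metadata is constructed for the example.

```python
#!/usr/bin/env python3
"""Install SP metadata under the file name LocalDynamicMetadataProvider expects.

Added example, not from the original thread. Assumes the provider default:
<lowercase hex sha1(entityID)>.xml in the configured sourceDirectory.
"""
import hashlib
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ENTITY_DESCRIPTOR = "{%s}EntityDescriptor" % MD_NS


def local_dynamic_filename(entity_id: str, suffix: str = ".xml") -> str:
    """Hash the entityID exactly as it appears in the metadata: no trailing
    newline, no normalisation. The provider hashes the string the SP sends."""
    digest = hashlib.sha1(entity_id.encode("utf-8")).hexdigest()
    return digest + suffix


def entity_id_of(metadata: bytes) -> str:
    """Return the entityID of a document whose root is a single md:EntityDescriptor.

    Note: xml.etree is acceptable for files an administrator copies in by
    hand; for XML from untrusted parties use defusedxml instead (assumption
    about your threat model, not a requirement of the provider)."""
    root = ET.fromstring(metadata)
    if root.tag != ENTITY_DESCRIPTOR:
        # An EntitiesDescriptor (or anything else) would be tagged "local"
        # by the EntityAttributes filter on the whole provider; refuse it.
        raise ValueError("expected a single md:EntityDescriptor, got %s" % root.tag)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")
    return entity_id


def planned_filename(metadata: bytes) -> str:
    """File name the resolver will look for, derived from the metadata itself."""
    return local_dynamic_filename(entity_id_of(metadata))


def install_sp_metadata(metadata: bytes, source_dir) -> Path:
    """Write the metadata into source_dir under its hash name and return the path."""
    source_dir = Path(source_dir)
    target = source_dir / planned_filename(metadata)
    source_dir.mkdir(parents=True, exist_ok=True)
    target.write_bytes(metadata)
    return target


# Constructed sample SP metadata (hypothetical entityID and endpoints).
SAMPLE_SP_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def main(argv):
    # Usage: install-sp-metadata.py <sp-metadata.xml> <idp.home>/metadata/local
    if len(argv) != 3:
        print("usage: %s SP_METADATA_XML SOURCE_DIRECTORY" % argv[0], file=sys.stderr)
        return 2
    metadata = Path(argv[1]).read_bytes()
    target = install_sp_metadata(metadata, argv[2])
    print("%s -> %s" % (entity_id_of(metadata), target))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `install-sp-metadata.py sp.xml /opt/shibboleth-idp/metadata/local` after the SP admin hands you the file; the "strange" hash name is then produced by the same rule the resolver applies, and a later `ls` can be mapped back to entityIDs by re-hashing the list of known SPs rather than by guessing.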