IdP - EntityAttributes - Predicate - Regex filter for federation SPs
Martin Lunze
martin.lunze at tu-dresden.de
Fri Jul 13 07:47:16 EDT 2018
Hi Scott,
thanks again for your answer.
I have changed my config now to use one single
LocalDynamicMetadataProvider instead of one separate
FilesystemMetadataProvider for every SP.
> <MetadataProvider id="LOCALMD"
> xsi:type="LocalDynamicMetadataProvider"
> sourceDirectory="%{idp.home}/metadata/local">
> <MetadataFilter xsi:type="EntityAttributes">
> <saml:Attribute
> Name="https://tu-dresden.de/entity-type"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue>https://tu-dresden.de/entity-type/local</saml:AttributeValue>
> </saml:Attribute>
> <ConditionRef>always-true</ConditionRef>
> </MetadataFilter>
> </MetadataProvider>
Works great and should be a bit less work for me in the future, because
I do not have to write all the necessary config when a new SP appears.
I am still saving its metadata in the directory and giving it the name of the
SHA1 hash of the corresponding entityID.
It still looks a bit strange, all these hashes in the directory :-)
With nice regards
Martin Lunze
On 25.04.2018 at 15:46, Cantor, Scott wrote:
>> At the moment I add every local SP with a single
>> FilesystemMetadataProvider.
>> Unfortunately I have no local metadata-administration tool or
>> webservice to manage all our local metadata files.
> That's no problem, just tag them via a filter the same way you were going to with eduGAIN.
>
>> Can you think of a solution to add such a tag in a flexible way to every
>> MetadataProvider with an ID beginning with "LOCALMD-.*"?
>> Or do I have to add the entityAttributeFilter to every MetadataProvider?
> Oh, you mean you have *every* SP loaded independently? Don't do that. Rename them all to a file named after the entityID hash and then load them all with one LocalDynamic resolver.
>
> -- Scott
>
--
Martin Lunze
IT-Systemadministrator
Technische Universität Dresden
Zentrum für Informationsdienste und Hochleistungsrechnen (ZIH)
Operative Prozesse und Systeme (OPS)
01062 Dresden
Tel.: +49 (351) 463-35881
E-Mail: martin.lunze at tu-dresden.de
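
The renaming step discussed in this thread, as an added example that is not part of the original messages or of Shibboleth's own code: it copies per-SP metadata files into one directory under the name the LocalDynamic resolver looks up, and rejects files that cannot be served that way. It assumes the resolver's default naming (lowercase hex SHA-1 of the entityID plus `.xml`); the directory names and sample entityIDs are constructed.

```python
import hashlib
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

def source_key(entity_id: str) -> str:
    """File name the resolver looks up: lowercase hex SHA-1 of the entityID + .xml."""
    return hashlib.sha1(entity_id.encode("utf-8")).hexdigest() + ".xml"

def entity_id_of(path: Path) -> str:
    """Return the entityID of a file holding exactly one EntityDescriptor."""
    root = ET.parse(path).getroot()
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        # An EntitiesDescriptor aggregate cannot be looked up by a single hash name.
        raise ValueError(f"{path.name}: root is {root.tag}, expected one EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError(f"{path.name}: missing entityID")
    return entity_id

def stage(src_dir: Path, dst_dir: Path) -> dict:
    """Copy each per-SP file to dst_dir under its hash name; return {entityID: name}."""
    dst_dir.mkdir(parents=True, exist_ok=True)
    staged = {}
    for path in sorted(src_dir.glob("*.xml")):
        entity_id = entity_id_of(path)
        if entity_id in staged:
            # Two files for one SP would silently overwrite each other.
            raise ValueError(f"{path.name}: duplicate entityID {entity_id}")
        name = source_key(entity_id)
        shutil.copyfile(path, dst_dir / name)
        staged[entity_id] = name
    return staged

def demo() -> dict:
    """Run against two constructed SP files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "old")
        src.mkdir()
        for n in ("wiki", "mail"):  # constructed sample entityIDs
            (src / f"{n}.xml").write_text(
                f'<EntityDescriptor xmlns="{MD_NS}" entityID="https://{n}.example.org/sp"/>')
        return stage(src, Path(tmp, "local"))

if __name__ == "__main__":
    for entity_id, name in demo().items():
        print(f"{name}  {entity_id}")
```

The printed mapping of hash name to entityID doubles as an index for a directory that otherwise contains only hashes.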