Matadata aggregator , federation named groupID for filters

Ian Young ian at iay.org.uk
Fri Jun 18 07:32:42 UTC 2021 


> On 2021-06-17, at 21:49, Jehan PROCACCIA <jehan.procaccia at tem-tsp.eu> wrote:
> 
> Indeed MA 0.7 is quite old, so I followed your advice and upgradred to latest 0.9.2 
> before going to my initial goal (descriptorName property  as you mentioned) 

That's great.


> I want to be able to aggregate and sign my federation Metadata (IDPs and SPs) 
> I am afraid that my old MA aggregate-config.xml file is not compatible with 0.9.2 

> So I took the sample https://wiki.shibboleth.net/confluence/display/MA1/Aggregate+and+Sign
> and tried to adapt it to my purpose .

Yes, there are a number of incompatibilities (the API will be finalised, I hope, in 0.10.0 but certainly in 1.0.0). The release notes cover these, but starting fresh can make sense too. It's a pity I don't have an example a bit closer to what you're doing. "Aggregate and Republish" is worth looking at, though (see below).



> the main difference here is that I don't want to parse and sign a single MD file but aggregate a complete directory of IDPs and SPs MD files
> So I took <bean id="metadataDirectory" from my old 0.7 config in place , but call to it (source-ref="metadataDirectory") from <bean id="source" class="net.shibboleth.metadata.dom.DomFilesystemSourceStage" fails on this error : 
> 
> [aggregator-cli]# ./mda.sh ../config-imt.xml main 
> ERROR - Unable to initialize Spring context
> org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 14 in XML document from URL [file:/root/aggregator-cli-0.9.2/../config-imt.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 14; columnNumber: 141; cvc-complex-type.3.2.2 : L'attribut 'source-ref' n'est pas autorisé dans l'élément 'bean'.
> 
> indeed attribute "source-ref" is a patch from my old config to the sample one I took . 
> 
> here is my what I did : 
> 
> <!-- My ADD :  Configuration Options for the metadata aggregation process -->
>    <bean id="metadataDirectory" class="java.io.File">
>        <constructor-arg value="/root/xml/fede-imt-metadata-git/"/>
>    </bean>
> 
>    <!-- First, we define the stages for our pipeline -->
>    <!-- My COMMENT from initial sample  <bean id="source" class="net.shibboleth.metadata.dom.DOMFilesystemSourceStage"> -->
>            <!-- MY ADD  the following line -->
>        <bean id="source" class="net.shibboleth.metadata.dom.DomFilesystemSourceStage" source-ref="metadataDirectory" parserPool-ref="parserPool"/>

The issue here is that in order to set properties on a bean as XML attributes rather than nested <property> elements you need to use the "p:" namespace. Unfortunately that particular example doesn't define it, although one of the other examples (Aggregate and Republish) does. So, from Aggregate and Republish:

<beans default-init-method="initialize"
       xmlns="http://www.springframework.org/schema/beans <http://www.springframework.org/schema/beans>" xmlns:p="http://www.springframework.org/schema/p <http://www.springframework.org/schema/p>"
       xmlns:util="http://www.springframework.org/schema/util <http://www.springframework.org/schema/util>" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance <http://www.w3.org/2001/XMLSchema-instance>"
       xsi:schemaLocation="http://www.springframework.org/schema/beans <http://www.springframework.org/schema/beans> http://www.springframework.org/schema/beans/spring-beans-3.0.xsd <http://www.springframework.org/schema/beans/spring-beans-3.0.xsd>
                           http://www.springframework.org/schema/util <http://www.springframework.org/schema/util> http://www.springframework.org/schema/util/spring-util-3.0.xsd <http://www.springframework.org/schema/util/spring-util-3.0.xsd>">


...

    <bean id="readLocalMetadata" class="net.shibboleth.metadata.dom.DOMFilesystemSourceStage"
        p:id="readLocalMetadata" p:parserPool-ref="parserPool" p:source-ref="localMetadataDirectory"/>


Attributes which are part of Spring XML configuration are given without a namespace, XML attributes setting bean properties are part of the "p:" namespace. This means that the names can't clash.

Hope this helps,

	-- Ian



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210618/e37aeecf/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20210618/e37aeecf/attachment.p7s>

More information about the users mailing list