Metadata aggregator, federation named groupID for filters
Jehan PROCACCIA
jehan.procaccia at tem-tsp.eu
Fri Jun 18 11:59:13 UTC 2021
"Ian Young" <ian at iay.org.uk> wrote:
>Yes, there are a number of incompatibilities (the API will be finalised, I hope, in 0.10.0 but certainly in 1.0.0). The release notes cover these, but starting fresh can make sense too. It's a pity I don't have an example a bit closer to what you're doing. "Aggregate and Republish" is worth looking at, though (see below).
Yes, an example config to assemble MD for a self-hosted federation (bundle of IDPs + SPs) would be greatly appreciated.
>The issue here is that in order to set properties on a bean as XML attributes rather than nested <property> elements you need to use the "p:" namespace. Unfortunately that particular example doesn't define it, although one of the other examples (Aggregate and Republish) does. So, from Aggregate and Republish:
>
>Attributes which are part of Spring XML configuration are given without a namespace, XML attributes setting bean properties are part of the "p:" namespace. This means that the names can't clash.
Ok, I added the load of the p: namespace with xmlns:p="http://www.springframework.org/schema/p"
But still, it fails now on another error:
[aggregator-cli]# ./mda.sh ../config-imt.xml main
ERROR - Unable to initialize Spring context
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 21 in XML document from URL [file:/root/aggregator-cli-0.9.2/../config-imt.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 21; columnNumber: 45; cvc-complex-type.2.4.a: Invalid content was found starting with element '{"http://www.springframework.org/schema/beans":property}'. One of '{"http://www.springframework.org/schema/beans":import, "http://www.springframework.org/schema/beans":alias, "http://www.springframework.org/schema/beans":bean, WC[##other:"http://www.springframework.org/schema/beans"]}' is expected.
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399) ~[spring-beans-4.2.3.RELEASE.jar:4.2.3.RELEASE]
Here is my current version of the MA1 config file. Do you see where it could be wrong, and does it serve my purpose to aggregate IDPs and SPs from metadataDirectory => /root/xml/fede-imt-metadata-git/ ?
[aggregator-cli]# cat ../config-imt.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans default-init-method="initialize"
xmlns="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
<bean id="readLocalMetadata" class="net.shibboleth.metadata.dom.DOMFilesystemSourceStage"
p:id="readLocalMetadata" p:parserPool-ref="parserPool" p:source-ref="localMetadataDirectory"/>
<!-- Configuration Options for the metadata aggregation process -->
<bean id="metadataDirectory" class="java.io.File">
<constructor-arg value="/root/xml/fede-imt-metadata-git/"/>
</bean>
<!-- First, we define the stages for our pipeline -->
<!-- My initial 0.7 JP <bean id="readIn" p:id="readIn" class="net.shibboleth.metadata.dom.DomFilesystemSourceStage" p:source-ref="metadataDirectory" p:parserPool-ref="parserPool"/> -->
<bean id="source" class="net.shibboleth.metadata.dom.DomFilesystemSourceStage" p:source-ref="metadataDirectory" p:parserPool-ref="parserPool"/>
<property name="id" value="source"/>
<property name="parserPool">
<bean class="net.shibboleth.utilities.java.support.xml.BasicParserPool" init-method="initialize"/>
</property>
<property name="source">
<bean class="java.io.File">
<constructor-arg value="/root/xml/fede-imt-metadata-git/"/>
</bean>
</property>
</bean>
<!-- Configuration Options for the metadata aggregation process -->
<bean id="metadataDirectory" class="java.io.File">
<constructor-arg value="/root/xml/fede-imt-metadata-git/"/>
</bean>
<bean id="createEntitiesDescriptor" class="net.shibboleth.metadata.dom.saml.EntitiesDescriptorAssemblerStage">
<property name="id" value="createEntitiesDescriptor"/>
</bean>
<bean id="generateContentReferenceId" class="net.shibboleth.metadata.dom.saml.GenerateIdStage">
<property name="id" value="generateContentReferenceId" />
</bean>
<bean id="signMetadata" class="net.shibboleth.metadata.dom.XMLSignatureSigningStage">
<property name="id" value="signMetadata"/>
<property name="privateKey">
<bean class="net.shibboleth.ext.spring.factory.PrivateKeyFactoryBean">
<property name="resource">
<bean class="org.springframework.core.io.FileSystemResource">
<constructor-arg>
<bean class="java.io.File">
<constructor-arg value="path/to/private-key.pem"/>
</bean>
</constructor-arg>
</bean>
</property>
</bean>
</property>
</bean>
<bean id="serialize" class="net.shibboleth.metadata.pipeline.SerializationStage">
<property name="id" value="serializeIdPs"/>
<property name="outputFile">
<bean class="java.io.File">
<constructor-arg value="/root/xml/fede-imt-metadata-git/Downloads/fede-imt-aggregate.xml"/>
</bean>
</property>
<property name="serializer">
<bean id="domSerializer" class="net.shibboleth.metadata.dom.DOMElementSerializer" />
</property>
</bean>
<!-- Next we define a pipeline with all the stages in it -->
<bean id="main" class="net.shibboleth.metadata.pipeline.SimplePipeline" init-method="initialize">
<property name="id" value="main"/>
<property name="stages">
<list>
<ref bean="source"/>
<ref bean="removeInvalidContactPerson"/>
<ref bean="removeOrganization"/>
<ref bean="createEntitiesDescriptor"/>
<ref bean="generateContentReferenceId" />
<ref bean="signMetadata"/>
<ref bean="serialize" />
</list>
</property>
</bean>
</beans>
Thanks.
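Added example, not part of the original message and not code from the Shibboleth project: a small standard-library lint for a Spring beans file that reports the three structural problems visible in the config above, namely a `<property>` placed directly under `<beans>` (the condition the SAXParseException describes), duplicate bean ids, and references (including `p:*-ref` attributes) to beans not defined in the file. The sample input is constructed and its class names are placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

BEANS = "{http://www.springframework.org/schema/beans}"
P_NS = "{http://www.springframework.org/schema/p}"

# Constructed sample (not the poster's file): a reduced, well-formed config
# with the same kinds of mistakes. Class names are placeholders.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="metadataDirectory" class="java.io.File"/>
  <bean id="source" class="example.SourceStage" p:id="source"
        p:source-ref="metadataDirectory" p:parserPool-ref="parserPool"/>
  <property name="id" value="source"/>
  <bean id="metadataDirectory" class="java.io.File"/>
  <bean id="main" class="example.Pipeline">
    <property name="stages">
      <list>
        <ref bean="source"/>
        <ref bean="removeOrganization"/>
      </list>
    </property>
  </bean>
</beans>"""


def lint_beans(xml_text):
    """Return sorted (kind, detail) findings for a Spring beans file."""
    root = ET.fromstring(xml_text)
    # <beans> accepts import, alias and bean children; a <property> here
    # often means the preceding <bean .../> was self-closed too early.
    findings = [("misplaced-property", c.get("name", ""))
                for c in root if c.tag == BEANS + "property"]
    ids = Counter(b.get("id") for b in root.iter(BEANS + "bean") if b.get("id"))
    findings += [("duplicate-id", i) for i, n in ids.items() if n > 1]
    refs = set()
    for el in root.iter():
        if el.tag == BEANS + "ref" and el.get("bean"):
            refs.add(el.get("bean"))
        # p:name-ref="x" references bean x; p:name="x" is a literal value.
        refs.update(v for a, v in el.attrib.items()
                    if a.startswith(P_NS) and a.endswith("-ref"))
    findings += [("undefined-ref", r) for r in refs - set(ids)]
    return sorted(findings)


if __name__ == "__main__":
    for kind, detail in lint_beans(SAMPLE):
        print(f"{kind}: {detail}")
```

The input must be well-formed XML for the parser to accept it; beans pulled in through `<import>` are not followed, so a reference defined in another file is reported as undefined.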