Matadata aggregator , federation named groupID for filters

Jehan PROCACCIA jehan.procaccia at tem-tsp.eu
Mon Jun 28 12:17:22 UTC 2021 

Hello, thanks a lot for your response, indeed there were xml mismatch and the other errors you mentioned . 
I took your sample and corrected file , just had to replace the path/to/private-key.pem and comment out in the stages list (as I did'nt provide beans definitions for those 2 stages) 
<ref bean="removeInvalidContactPerson"/> 
<ref bean="removeOrganization"/> 
Now the process does the job of aggregating my SPs and IDPs sources xml metatada [1], and apparently also sign it ! 
I guess I don't need anymore to sign the aggregate with xmlsectool now !? I did it this way after 0.7 aggregator, not necessary now ? 
./xmlsectool.sh --sign --inFile /root/xml/Downloads/fede-unsigned.xml --outFile /root/xml/Downloads/fede-signed.xml --certificate ../ssl/fede-cert.pem --key ../ssl/fede-key.pem 

Now back to my initial request , set a Name for the metadata aggregate, you mentioned a descriptorName property , but I cannot find in the doc it's description . 
can you tell me where it is defined and/or give me a sample conf ? 
I guess there is a new stage to be defined within the maim pipeline ? 

Thanks . 

[1] 
[root at fededs aggregator-cli]# ./mda.sh ../config-ian.xml main 
INFO - Pipeline 'main' execution starting at Mon Jun 28 12:49:47 GMT+01:00 2021 
INFO - Pipeline 'main' execution completed at Mon Jun 28 12:49:49 GMT+01:00 2021; run time 2.105 seconds 




De: "Ian Young" <ian at iay.org.uk> 
À: "users" <users at shibboleth.net> 
Envoyé: Jeudi 24 Juin 2021 17:51:15 
Objet: Re: Matadata aggregator , federation named groupID for filters 

Sorry I didn't get back to you more quickly, I missed this mail somehow... 




On 2021-06-18, at 12:59, Jehan PROCACCIA < [ mailto:jehan.procaccia at tem-tsp.eu | jehan.procaccia at tem-tsp.eu ] > wrote: 

... 
Ok, I added the load of the p: namespace with xmlns:p = " [ http://www.springframework.org/schema/p | http://www.springframework.org/schema/p ] " 

But still , it fails now on another error : 

[aggregator-cli]# ./mda.sh ../config-imt.xml main 
ERROR - Unable to initialize Spring context 
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 21 in XML document from URL [file:/root/aggregator-cli-0.9.2/../config-imt.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 21; columnNumber: 45; cvc-complex-type.2.4.a: Invalid content was found starting with element '{" [ http://www.springframework.org/schema/beans | http://www.springframework.org/schema/beans ] ":property}'. One of '{" [ http://www.springframework.org/schema/beans | http://www.springframework.org/schema/beans ] ":import, " [ http://www.springframework.org/schema/beans | http://www.springframework.org/schema/beans ] ":alias, " [ http://www.springframework.org/schema/beans | http://www.springframework.org/schema/beans ] ":bean, WC[##other:" [ http://www.springframework.org/schema/beans | http://www.springframework.org/schema/beans ] "]}' is expected. 
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399) ~[spring-beans-4.2.3.RELEASE.jar:4.2.3.RELEASE] 




This is just an XML syntax error: 


BQ_BEGIN

Line 21 in XML document from URL [file:/root/aggregator-cli-0.9.2/../config-imt.xml] is invalid 

BQ_END


BQ_BEGIN

lineNumber: 21; columnNumber: 45; cvc-complex-type.2.4.a: Invalid content was found starting with element '{" [ http://www.springframework.org/schema/beans | http://www.springframework.org/schema/beans ] ":property} 

BQ_END


Your problem is that this bean definition is corrupt: 

<bean id="source" class="net.shibboleth.metadata.dom.DomFilesystemSourceStage" p:source-ref="metadataDirectory" p:parserPool-ref="parserPool"/> 
<property name="id" value="source"/> 
<property name="parserPool"> 
<bean class="net.shibboleth.utilities.java.support.xml.BasicParserPool" init-method="initialize"/> 
</property> 
<property name="source"> 
<bean class="java.io.File"> 
<constructor-arg value="/root/xml/fede-imt-metadata-git/"/> 
</bean> 
</property> 
</bean> 

Here, the first line ends with "/>" which closes the XML tag. What follows isn't nested inside the bean definition as a result and you can't have a "property" tag outside one. 

I think maybe you've cut and paste one thing inside another and ended up with invalid XML. 

You can fix this by either: 

* removing the p:property definitions from the bean tag and removing the trailing "/" so that the <property> definitions are correctly nested, or 

* remove everything from the first <property> to the </bean> and fix up the p:property values. In particular you'd need to define parserPool somewhere. 

You also have a duplicate definition of metadataDirectory just after that; as I say, this looks like a cut-and-paste accident to me. 

I've appended something that at least passes XML syntax and bean definition checks (but can't open any files); I hope that moves things along a bit. 

Cheers, 

-- Ian 


<?xml version="1.0" encoding="UTF-8"?> 
<beans default-init-method="initialize" 
xmlns=" [ http://www.springframework.org/schema/beans | http://www.springframework.org/schema/beans ] " xmlns:p=" [ http://www.springframework.org/schema/p | http://www.springframework.org/schema/p ] " 
xmlns:util=" [ http://www.springframework.org/schema/util | http://www.springframework.org/schema/util ] " xmlns:xsi=" [ http://www.w3.org/2001/XMLSchema-instance | http://www.w3.org/2001/XMLSchema-instance ] " 
xsi:schemaLocation=" [ http://www.springframework.org/schema/beans | http://www.springframework.org/schema/beans ] [ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd | http://www.springframework.org/schema/beans/spring-beans-3.0.xsd ] 
[ http://www.springframework.org/schema/util | http://www.springframework.org/schema/util ] [ http://www.springframework.org/schema/util/spring-util-3.0.xsd | http://www.springframework.org/schema/util/spring-util-3.0.xsd ] "> 

<!-- Configuration Options for the metadata aggregation process --> 
<bean id="metadataDirectory" class="java.io.File"> 
<constructor-arg value="/root/xml/fede-imt-metadata-git/"/> 
</bean> 
<bean id="localMetadataDirectory" class="java.io.File"> 
<constructor-arg value="/root/xml/fede-imt-metadata-git/"/> 
</bean> 

<bean id="parserPool" class="net.shibboleth.utilities.java.support.xml.BasicParserPool" init-method="initialize"/> 

<bean id="readLocalMetadata" class="net.shibboleth.metadata.dom.DOMFilesystemSourceStage" 
p:id="readLocalMetadata" p:parserPool-ref="parserPool" p:source-ref="localMetadataDirectory"/> 

<!-- First, we define the stages for our pipeline --> 
<!-- My initial 0.7 JP <bean id="readIn" p:id="readIn" class="net.shibboleth.metadata.dom.DomFilesystemSourceStage" p:source-ref="metadataDirectory" p:parserPool-ref="parserPool"/> --> 

<bean id="source" p:id="source" 
class="net.shibboleth.metadata.dom.DOMFilesystemSourceStage" 
p:source-ref="metadataDirectory" p:parserPool-ref="parserPool"/> 

<bean id="createEntitiesDescriptor" class="net.shibboleth.metadata.dom.saml.EntitiesDescriptorAssemblerStage"> 
<property name="id" value="createEntitiesDescriptor"/> 
</bean> 
<bean id="generateContentReferenceId" class="net.shibboleth.metadata.dom.saml.GenerateIdStage"> 
<property name="id" value="generateContentReferenceId" /> 
</bean> 
<bean id="signMetadata" class="net.shibboleth.metadata.dom.XMLSignatureSigningStage"> 
<property name="id" value="signMetadata"/> 
<property name="privateKey"> 
<bean class="net.shibboleth.ext.spring.factory.PrivateKeyFactoryBean"> 
<property name="resource"> 
<bean class="org.springframework.core.io.FileSystemResource"> 
<constructor-arg> 
<bean class="java.io.File"> 
<constructor-arg value="path/to/private-key.pem"/> 
</bean> 
</constructor-arg> 
</bean> 
</property> 
</bean> 
</property> 
</bean> 
<bean id="serialize" class="net.shibboleth.metadata.pipeline.SerializationStage"> 
<property name="id" value="serializeIdPs"/> 
<property name="outputFile"> 
<bean class="java.io.File"> 
<constructor-arg value="/root/xml/fede-imt-metadata-git/Downloads/fede-imt-aggregate.xml"/> 
</bean> 
</property> 
<property name="serializer"> 
<bean id="domSerializer" class="net.shibboleth.metadata.dom.DOMElementSerializer" /> 
</property> 
</bean> 
<!-- Next we define a pipeline with all the stages in it --> 
<bean id="main" class="net.shibboleth.metadata.pipeline.SimplePipeline" init-method="initialize"> 
<property name="id" value="main"/> 
<property name="stages"> 
<list> 
<ref bean="source"/> 
<ref bean="removeInvalidContactPerson"/> 
<ref bean="removeOrganization"/> 
<ref bean="createEntitiesDescriptor"/> 
<ref bean="generateContentReferenceId" /> 
<ref bean="signMetadata"/> 
<ref bean="serialize" /> 
</list> 
</property> 
</bean> 
</beans> 



-- 
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210628/f1216587/attachment.htm>

More information about the users mailing list