Matadata aggregator , federation named groupID for filters

Jehan PROCACCIA jehan.procaccia at
Mon Jun 28 12:17:22 UTC 2021

Hello, thanks a lot for your response, indeed there were xml mismatch and the other errors you mentioned . 
I took your sample and corrected file , just had to replace the path/to/private-key.pem and comment out in the stages list (as I did'nt provide beans definitions for those 2 stages) 
<ref bean="removeInvalidContactPerson"/> 
<ref bean="removeOrganization"/> 
Now the process does the job of aggregating my SPs and IDPs sources xml metatada [1], and apparently also sign it ! 
I guess I don't need anymore to sign the aggregate with xmlsectool now !? I did it this way after 0.7 aggregator, not necessary now ? 
./ --sign --inFile /root/xml/Downloads/fede-unsigned.xml --outFile /root/xml/Downloads/fede-signed.xml --certificate ../ssl/fede-cert.pem --key ../ssl/fede-key.pem 

Now back to my initial request , set a Name for the metadata aggregate, you mentioned a descriptorName property , but I cannot find in the doc it's description . 
can you tell me where it is defined and/or give me a sample conf ? 
I guess there is a new stage to be defined within the maim pipeline ? 

Thanks . 

[root at fededs aggregator-cli]# ./ ../config-ian.xml main 
INFO - Pipeline 'main' execution starting at Mon Jun 28 12:49:47 GMT+01:00 2021 
INFO - Pipeline 'main' execution completed at Mon Jun 28 12:49:49 GMT+01:00 2021; run time 2.105 seconds 

De: "Ian Young" <ian at> 
À: "users" <users at> 
Envoyé: Jeudi 24 Juin 2021 17:51:15 
Objet: Re: Matadata aggregator , federation named groupID for filters 

Sorry I didn't get back to you more quickly, I missed this mail somehow... 

On 2021-06-18, at 12:59, Jehan PROCACCIA < [ mailto:jehan.procaccia at | jehan.procaccia at ] > wrote: 

Ok, I added the load of the p: namespace with xmlns:p = " [ | ] " 

But still , it fails now on another error : 

[aggregator-cli]# ./ ../config-imt.xml main 
ERROR - Unable to initialize Spring context 
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 21 in XML document from URL [file:/root/aggregator-cli-0.9.2/../config-imt.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 21; columnNumber: 45; cvc-complex-type.2.4.a: Invalid content was found starting with element '{" [ | ] ":property}'. One of '{" [ | ] ":import, " [ | ] ":alias, " [ | ] ":bean, WC[##other:" [ | ] "]}' is expected. 
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions( ~[spring-beans-4.2.3.RELEASE.jar:4.2.3.RELEASE] 

This is just an XML syntax error: 


Line 21 in XML document from URL [file:/root/aggregator-cli-0.9.2/../config-imt.xml] is invalid 



lineNumber: 21; columnNumber: 45; cvc-complex-type.2.4.a: Invalid content was found starting with element '{" [ | ] ":property} 


Your problem is that this bean definition is corrupt: 

<bean id="source" class="net.shibboleth.metadata.dom.DomFilesystemSourceStage" p:source-ref="metadataDirectory" p:parserPool-ref="parserPool"/> 
<property name="id" value="source"/> 
<property name="parserPool"> 
<bean class="" init-method="initialize"/> 
<property name="source"> 
<bean class=""> 
<constructor-arg value="/root/xml/fede-imt-metadata-git/"/> 

Here, the first line ends with "/>" which closes the XML tag. What follows isn't nested inside the bean definition as a result and you can't have a "property" tag outside one. 

I think maybe you've cut and paste one thing inside another and ended up with invalid XML. 

You can fix this by either: 

* removing the p:property definitions from the bean tag and removing the trailing "/" so that the <property> definitions are correctly nested, or 

* remove everything from the first <property> to the </bean> and fix up the p:property values. In particular you'd need to define parserPool somewhere. 

You also have a duplicate definition of metadataDirectory just after that; as I say, this looks like a cut-and-paste accident to me. 

I've appended something that at least passes XML syntax and bean definition checks (but can't open any files); I hope that moves things along a bit. 


-- Ian 

<?xml version="1.0" encoding="UTF-8"?> 
<beans default-init-method="initialize" 
xmlns=" [ | ] " xmlns:p=" [ | ] " 
xmlns:util=" [ | ] " xmlns:xsi=" [ | ] " 
xsi:schemaLocation=" [ | ] [ | ] 
[ | ] [ | ] "> 

<!-- Configuration Options for the metadata aggregation process --> 
<bean id="metadataDirectory" class=""> 
<constructor-arg value="/root/xml/fede-imt-metadata-git/"/> 
<bean id="localMetadataDirectory" class=""> 
<constructor-arg value="/root/xml/fede-imt-metadata-git/"/> 

<bean id="parserPool" class="" init-method="initialize"/> 

<bean id="readLocalMetadata" class="net.shibboleth.metadata.dom.DOMFilesystemSourceStage" 
p:id="readLocalMetadata" p:parserPool-ref="parserPool" p:source-ref="localMetadataDirectory"/> 

<!-- First, we define the stages for our pipeline --> 
<!-- My initial 0.7 JP <bean id="readIn" p:id="readIn" class="net.shibboleth.metadata.dom.DomFilesystemSourceStage" p:source-ref="metadataDirectory" p:parserPool-ref="parserPool"/> --> 

<bean id="source" p:id="source" 
p:source-ref="metadataDirectory" p:parserPool-ref="parserPool"/> 

<bean id="createEntitiesDescriptor" class="net.shibboleth.metadata.dom.saml.EntitiesDescriptorAssemblerStage"> 
<property name="id" value="createEntitiesDescriptor"/> 
<bean id="generateContentReferenceId" class="net.shibboleth.metadata.dom.saml.GenerateIdStage"> 
<property name="id" value="generateContentReferenceId" /> 
<bean id="signMetadata" class="net.shibboleth.metadata.dom.XMLSignatureSigningStage"> 
<property name="id" value="signMetadata"/> 
<property name="privateKey"> 
<bean class="net.shibboleth.ext.spring.factory.PrivateKeyFactoryBean"> 
<property name="resource"> 
<bean class=""> 
<bean class=""> 
<constructor-arg value="path/to/private-key.pem"/> 
<bean id="serialize" class="net.shibboleth.metadata.pipeline.SerializationStage"> 
<property name="id" value="serializeIdPs"/> 
<property name="outputFile"> 
<bean class=""> 
<constructor-arg value="/root/xml/fede-imt-metadata-git/Downloads/fede-imt-aggregate.xml"/> 
<property name="serializer"> 
<bean id="domSerializer" class="net.shibboleth.metadata.dom.DOMElementSerializer" /> 
<!-- Next we define a pipeline with all the stages in it --> 
<bean id="main" class="net.shibboleth.metadata.pipeline.SimplePipeline" init-method="initialize"> 
<property name="id" value="main"/> 
<property name="stages"> 
<ref bean="source"/> 
<ref bean="removeInvalidContactPerson"/> 
<ref bean="removeOrganization"/> 
<ref bean="createEntitiesDescriptor"/> 
<ref bean="generateContentReferenceId" /> 
<ref bean="signMetadata"/> 
<ref bean="serialize" /> 

For Consortium Member technical support, see 
To unsubscribe from this list send an email to users-unsubscribe at 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list