The example configurations provided here are intended to demonstrate techniques rather than provide real functionality. Most make assumptions about reading and writing from local files under the path/to path.

Configuration

Description

Aggregate and Sign

Reads an XML file, removes any person or organization contact information, wraps it in an EntitiesDescriptor and signs the file.

Filter Aggregate

Reads in the UK federation metadata aggregate, verifies its signature, removes the shibboleth.net entities, removes all roles except IDPSSODescriptor, AttributeAuthorityDescriptor, SPSSODescriptor, and removes any person or organization contact information.

Aggregate and Republish

Reads in the US, UK, and local metadata and for each one checks the signature (and fails if the signature is bad), validates the validUntil constraint, disassembles all EntityDescriptors, and validates the schema of each EntityDescriptor. Then all the inputs are merged together and schema-invalid items are logged and removed. Finally, three output streams are constructed: one that contains all entities, one that contains only IdPs, and one that contains only SPs. Each stream is assembled into an EntitiesDescriptor, a validUntil constraint is added, and the entire thing is signed and written out to a file. Also demonstrates various ways to remove some of the verbosity of Spring bean files.

Sign using PKCS#11

Demonstrates signing metadata documents using PKCS#11 tokens (such as smart cards or Hardware Security Modules).

Per-entity Output

Reads a SAML metadata aggregate, decomposes it into individual entities, signs each and writes the signed per-entity metadata into separate files within a specified directory.