
This command line configuration example:

  • reads a file path/to/metadata.xml containing a SAML metadata aggregate
  • decomposes that aggregate into its constituent entity metadata documents
  • signs each of those per-entity documents using a private key located in path/to/private-key.pem
  • writes the results into multiple files in the directory path/to/output
    • each file is named as a function of the entity's entityID attribute:
      • the string "_", followed by
      • a lower-case, hex-encoded, SHA-1 hash of the entityID, followed by
      • the string ".xml"

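You can execute the example as follows, where config.xml is the configuration file shown below and main is the id of the pipeline bean to run: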

$ .../mda.sh config.xml main

The example configuration file is as follows; it has been verified with MDA version 0.9.2:

<?xml version="1.0" encoding="UTF-8"?>
<beans default-init-method="initialize"
       xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
 
    <!-- First, we define the stages for our pipeline -->
    <!--
      Pipeline input: parses the SAML metadata aggregate from a local file into DOM.
      NOTE(review): no stage in this configuration checks a signature on the input.
      Everything read here is later signed with our own key, so if the aggregate was
      obtained from a third party it should be verified first (for example with MDA's
      XMLSignatureValidationStage) or fetched over a channel you already trust.
    -->
    <bean id="source" class="net.shibboleth.metadata.dom.DOMFilesystemSourceStage">
        <property name="id" value="source"/>
        <property name="parserPool">
            <!-- Parser hardening is left at BasicParserPool's defaults; confirm how DOCTYPE
                 declarations and external entities are handled in the version in use. -->
            <bean class="net.shibboleth.utilities.java.support.xml.BasicParserPool" init-method="initialize"/>
        </property>
        <property name="source">
            <bean class="java.io.File">
                <!-- Relative path: presumably resolved against the working directory of the
                     MDA process; verify before running from cron or a service wrapper. -->
                <constructor-arg value="path/to/metadata.xml"/>
            </bean>
        </property>
    </bean>
 
    <!-- Decomposes the aggregate into its constituent per-entity metadata documents, so
         that every later stage (ID generation, signing, output) runs once per entity. -->
    <bean id="disassembleEntitiesDescriptor" class="net.shibboleth.metadata.dom.saml.EntitiesDescriptorDisassemblerStage">
        <property name="id" value="disassembleEntitiesDescriptor"/>
    </bean>
 
    <!-- Records an item identifier for each entity document. The output file names are
         derived from the entityID, so this presumably is where that value is captured
         for the serialize stage; confirm against the MDA documentation. -->
    <bean id="populateItemIds" class="net.shibboleth.metadata.dom.saml.EntityDescriptorItemIdPopulationStage">
        <property name="id" value="populateItemIds"/>
    </bean>
 
    <!-- Gives each entity document an ID attribute. As the bean name suggests, this is the
         value the XML signature refers to, which is why the stage is placed before
         signMetadata in the pipeline. -->
    <bean id="generateContentReferenceId" class="net.shibboleth.metadata.dom.saml.GenerateIdStage">
        <property name="id" value="generateContentReferenceId" />
    </bean>
 
    <!--
      Signs each per-entity document with the private key loaded from a PEM file.
      The signature and digest algorithms are not set here and so stay at the stage's
      defaults; confirm they meet your federation's requirements.
      NOTE(review): no stage in this configuration sets or checks validUntil. A signed
      document without an expiry can be replayed indefinitely, so confirm the per-entity
      documents carry one before they reach this stage.
    -->
    <bean id="signMetadata" class="net.shibboleth.metadata.dom.XMLSignatureSigningStage">
        <property name="id" value="signMetadata"/>
        <property name="privateKey">
            <bean class="net.shibboleth.ext.spring.factory.PrivateKeyFactoryBean">
                <property name="resource">
                    <bean class="org.springframework.core.io.FileSystemResource">
                        <constructor-arg>
                            <bean class="java.io.File">
                                <!-- Signing key. No passphrase is configured, so the file is
                                     presumably unencrypted: restrict it to the account that runs
                                     MDA, and keep it out of version control and out of the
                                     published output directory. -->
                                <constructor-arg value="path/to/private-key.pem"/>
                            </bean>
                        </constructor-arg>
                    </bean>
                </property>
            </bean>
        </property>
    </bean>
 
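    <!--
      Writes every signed per-entity document to its own file in the output directory.
      The stage id matches the bean id, as it does for every other stage in this file;
      the pipeline emits all entities, not only identity providers.
      NOTE(review): nothing in this configuration removes files for entities that are no
      longer in the aggregate. Confirm how stale signed documents are cleaned up, so that
      metadata for a withdrawn entity does not remain published.
    -->
    <bean id="serialize" class="net.shibboleth.metadata.pipeline.MultiOutputSerializationStage">
        <property name="id" value="serialize"/>
        <property name="serializer">
            <bean id="domSerializer" class="net.shibboleth.metadata.dom.DOMElementSerializer" />
        </property>
        <property name="outputStrategy">
            <bean class="net.shibboleth.metadata.pipeline.FilesInDirectoryMultiOutputStrategy">
                <!-- File name = namePrefix + transformed item identifier + nameSuffix. -->
                <property name="nameSuffix" value=".xml"/>
                <property name="namePrefix" value="_"/>
                <property name="directory">
                    <bean class="java.io.File">
                        <!-- Only the MDA account should be able to write here; consumers
                             need read access at most. -->
                        <constructor-arg value="path/to/output"/>
                    </bean>
                </property>
                <property name="nameTransformer">
                    <!-- SHA-1 is used only to turn the entityID into a fixed-length, file-system
                         safe name. It gives no integrity protection; that comes from the
                         signature applied by signMetadata. -->
                    <bean class="net.shibboleth.metadata.util.SHA1StringTransformer"/>
                </property>
            </bean>
        </property>
    </bean>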
 
    <!-- Next we define a pipeline with all the stages in it -->
    <!--
      The pipeline run by "mda.sh config.xml main". Stages execute in list order, and the
      order is security-relevant: the ID must exist before signing, and signMetadata must
      be the last stage that touches the document, because any change made after signing
      invalidates the signature. Only serialization follows it.
    -->
    <bean id="main" class="net.shibboleth.metadata.pipeline.SimplePipeline" init-method="initialize">
        <property name="id" value="main"/>
        <property name="stages">
            <list>
                <ref bean="source"/>
                <ref bean="disassembleEntitiesDescriptor"/>
                <ref bean="populateItemIds"/>
                <ref bean="generateContentReferenceId" />
                <ref bean="signMetadata"/>
                <ref bean="serialize" />
            </list>
        </property>
    </bean>
</beans>