
The OpenSAML 2 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.


The Configuration File

The XMLTooling configuration file begins with the root element XMLTooling, which occurs in the namespace http://www.opensaml.org/xmltooling-config. The schema for this file is located in the XMLTooling project, in the src/schema/ directory, and is called xmltooling-config.xsd.

Configuring Object Providers

Object providers are a set of classes that provide building, marshalling, and unmarshalling functionality for a given element (e.g. <Issuer>) or schema instance type (e.g. SubjectConfirmationType), with the schema type preferred if both are available. Object provider definitions are grouped within the ObjectProviders element, a child of the XMLTooling root element. This element contains any number of ObjectProvider elements.

ObjectProvider

The ObjectProvider element requires a single attribute, qualifiedName, which is the QName of the element or schema type. Because this is an XML QName, the element or schema type must carry a namespace prefix that is declared in the file; otherwise the configuration file will fail validation. For the example presented here, the XMLTooling root element carries the following namespace declaration: xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"

ObjectProvider Children

The following children of ObjectProvider provide information on the builder, marshaller, and unmarshaller that make up the Object provider.

  • BuilderClass - Provides the class to be used to build a particular SAML object. Its single attribute, className, has a value of a fully qualified Builder class. See the section on creating new SAML objects for information on the builder class.
  • MarshallingClass - Provides the class to be used to marshall a particular SAML object. Its single attribute, className, has a value of a fully qualified Marshaller class. See the section on creating new SAML object marshallers for information on the marshaller class.
  • UnmarshallingClass - Provides the class to be used to unmarshall a particular SAML object. Its single attribute, className, has a value of a fully qualified Unmarshaller class. See the section on creating new SAML object unmarshallers for information on the unmarshaller class.

Extending the Object Provider

ObjectProvider and its children allow any namespace qualified attributes or elements to be added, so long as the namespace is not the XMLTooling configuration namespace. This allows implementers to provide additional data to their classes through the configuration file. This information can be retrieved through the org.opensaml.xml.Configuration#getObjectProviderConfiguration(QName) method, which simply returns a clone of the ObjectProvider element and its children. The QName argument corresponds to the QName given in the qualifiedName attribute of the ObjectProvider element; only the local name and namespace URI are used in this match.

Configuring Validator Suites

Validator suites are collections of Validators that can be evaluated against a tree of SAMLObjects to ensure that the objects within it meet the criteria represented by the Validators. Validator suite definitions are grouped within the ValidatorSuites element, a child of the XMLTooling root element. This element contains any number of ValidatorSuite elements. If both ObjectProviders and ValidatorSuites appear in the same configuration file, ValidatorSuites must come after ObjectProviders.

ValidatorSuite

The ValidatorSuite element requires a single attribute, id, that represents a unique identifier that can later be used to retrieve this suite. This element may contain any number of Validator elements.

Validator

The Validator element requires two attributes:

  • className provides the fully qualified class name of the Validator
  • qualifiedName contains the schema type QName or element QName that this validator should be used with

Extending the Validator Suite

ValidatorSuite and its children allow any namespace qualified attributes or elements to be added, so long as the namespace is not the XMLTooling configuration namespace. This allows implementers to provide additional data to their classes through the configuration file. This information can be retrieved through the org.opensaml.xml.Configuration#getValidatorSuiteConfiguration(String) method, which simply returns a clone of the ValidatorSuite element and its children. The String argument corresponds to the ID given in the id attribute of the ValidatorSuite element.

Example Configuration File

<?xml version="1.0" encoding="UTF-8"?>
<XMLTooling xmlns="http://www.opensaml.org/xmltooling-config" 
	 xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
	 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
	 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	 
	 <ObjectProviders>

		  <!-- EntitiesDescriptor provider -->
		  <ObjectProvider qualifiedName="md:EntitiesDescriptor">
				<BuilderClass className="org.opensaml.saml2.metadata.impl.EntitiesDescriptorBuilder" />
				<MarshallingClass className="org.opensaml.saml2.metadata.impl.EntitiesDescriptorMarshaller" />
				<UnmarshallingClass className="org.opensaml.saml2.metadata.impl.EntitiesDescriptorUnmarshaller" />
		  </ObjectProvider>

		  <!-- EntityDescriptor provider -->
		  <ObjectProvider qualifiedName="md:EntityDescriptor">
				<BuilderClass className="org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder" />
				<MarshallingClass className="org.opensaml.saml2.metadata.impl.EntityDescriptorMarshaller" />
				<UnmarshallingClass className="org.opensaml.saml2.metadata.impl.EntityDescriptorUnmarshaller" />
		  </ObjectProvider>

	 </ObjectProviders>

	 <ValidatorSuites>

		  <ValidatorSuite id="SAML2-Schema">
				<Validator className="org.opensaml.saml2.metadata.validator.EntityDescriptorSchemaValidator" qualifiedName="md:EntityDescriptor"/>
				<Validator className="org.opensaml.saml2.metadata.validator.EntitiesDescriptorSchemaValidator" qualifiedName="md:EntitiesDescriptor"/>
		  </ValidatorSuite>

		  <ValidatorSuite id="SAML2-SSO-Profile">
				<Validator className="org.opensaml.saml2.profiles.validator.SSOProfileValidator" qualifiedName="saml2p:AuthnRequest"/>
		  </ValidatorSuite>

	 </ValidatorSuites>

</XMLTooling>
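
Because every className in this file names a class the library will use to build, marshall, unmarshall or validate objects, the file is worth checking before deployment. The following pre-deployment check is an added example, not part of OpenSAML or the original page: it tests the rules stated above (declared qualifiedName prefixes, section order, unique suite ids) and, going beyond the page, compares className values with an allowlist. The names lint_config, ALLOWED_PACKAGES and BAD and the sample document are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET

CFG_NS = "http://www.opensaml.org/xmltooling-config"
ALLOWED_PACKAGES = ("org.opensaml.",)  # assumption: site-specific allowlist, not an OpenSAML setting

def lint_config(data, allowed=ALLOWED_PACKAGES):
    """Return a list of findings for an XMLTooling configuration document (bytes)."""
    findings, scopes, suite_ids, seen, root = [], [], set(), set(), None
    for event, item in ET.iterparse(io.BytesIO(data), ("start-ns", "end-ns", "start")):
        if event == "start-ns":
            scopes.append(item)          # (prefix, uri) comes into scope
        elif event == "end-ns":
            scopes.pop()                 # innermost declaration leaves scope
        elif root is None:
            root = item
            if root.tag != "{%s}XMLTooling" % CFG_NS:
                findings.append("root element is not XMLTooling in the config namespace")
        elif item.tag.startswith("{%s}" % CFG_NS):   # foreign-namespace extensions are allowed
            local = item.tag.rpartition("}")[2]
            if local == "ObjectProviders" and "ValidatorSuites" in seen:
                findings.append("ValidatorSuites appears before ObjectProviders")
            seen.add(local)
            if local in ("ObjectProvider", "Validator"):
                prefix, colon, _ = item.get("qualifiedName", "").partition(":")
                if not colon:
                    findings.append("%s: qualifiedName has no namespace prefix" % local)
                elif not any(p == prefix for p, _ in scopes):
                    findings.append("%s: prefix '%s' is not declared" % (local, prefix))
            cls = item.get("className")
            if cls is not None and not cls.startswith(allowed):
                findings.append("%s: class %s is outside the allowlist" % (local, cls))
            if local == "ValidatorSuite":
                if item.get("id") in suite_ids:
                    findings.append("ValidatorSuite: duplicate id '%s'" % item.get("id"))
                suite_ids.add(item.get("id"))
    return findings

# Constructed sample: wrong order, undeclared prefix, duplicate id, placeholder class name.
BAD = b"""<XMLTooling xmlns="http://www.opensaml.org/xmltooling-config">
  <ValidatorSuites>
    <ValidatorSuite id="s1">
      <Validator className="com.example.CustomValidator" qualifiedName="md:EntityDescriptor"/>
    </ValidatorSuite>
    <ValidatorSuite id="s1"/>
  </ValidatorSuites>
  <ObjectProviders/>
</XMLTooling>"""
print("\n".join(lint_config(BAD)))
```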