...
- reads a file
path/to/metadata.xml
containing SAML metadata - signs that document using:
- a PKCS#11 token determined by
- a PKCS#11 configuration file specifying the token
- a user password (which the example below embeds in clear text in the Spring configuration file)
- an alias determining which of the token's keys to use
- a separate certificate read from
path/to/certificate.pem
(this certificate must correspond to the key selected on the token)
- writes the results into the file
path/to/output.xml
...
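<?xml version="1.0" encoding="UTF-8"?>
<!--
  Minimal MDA pipeline: parse path/to/metadata.xml, generate an ID for the
  signature's content reference, sign the document with a private key held
  on a PKCS#11 token (certificate supplied separately from a PEM file), and
  write the result to path/to/output.xml.

  SECURITY NOTES (this is an example, not a production-ready configuration):
   - The token password (keyPassword) is stored in clear text in this file.
     Keep the file out of version control, restrict its filesystem
     permissions, or externalise the value (e.g. a property placeholder
     resolved from a protected properties file) before deploying.
   - The parser pool is what parses the input metadata. Before pointing this
     pipeline at metadata from an untrusted source, confirm that DOCTYPE and
     external entity expansion are disabled for it.
     NOTE(review): BasicParserPool's defaults are not visible here; verify
     against the java-support version in use.
   - The signing stage is used with its default signature/digest algorithms,
     which depend on the MDA version. Set them explicitly if your federation
     mandates a particular algorithm.

  Fixes relative to the earlier listing: the pipeline's stage list referenced
  beans that are not defined (removeInvalidContactPerson, removeOrganization,
  createEntitiesDescriptor), which would fail at context start-up; it now
  lists exactly the stages defined here. The serialization stage's id is
  aligned with its bean id, as for every other stage.
-->
<beans default-init-method="initialize"
       xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <!-- First, we define the stages for our pipeline -->

    <!-- Reads and parses the input metadata document. -->
    <bean id="source" class="net.shibboleth.metadata.dom.DOMFilesystemSourceStage">
        <property name="id" value="source"/>
        <property name="parserPool">
            <!-- See the XXE note in the header: this pool parses the input file. -->
            <bean class="net.shibboleth.utilities.java.support.xml.BasicParserPool"
                  init-method="initialize"/>
        </property>
        <property name="source">
            <bean class="java.io.File">
                <constructor-arg value="path/to/metadata.xml"/>
            </bean>
        </property>
    </bean>

    <!-- Generates the ID that the signature's content reference will point at. -->
    <bean id="generateContentReferenceId" class="net.shibboleth.metadata.dom.saml.GenerateIdStage">
        <property name="id" value="generateContentReferenceId"/>
    </bean>

    <!-- Signs the document with the PKCS#11-resident key configured below. -->
    <bean id="signMetadata" class="net.shibboleth.metadata.dom.XMLSignatureSigningStage">
        <property name="id" value="signMetadata"/>
        <!-- Certificate read from a separate PEM file; it must match the token key selected below. -->
        <property name="certificates">
            <bean class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
                <property name="resource" value="file:path/to/certificate.pem"/>
            </bean>
        </property>
        <!-- Private key looked up on a PKCS#11 token rather than read from disk. -->
        <property name="privateKey">
            <bean class="net.shibboleth.metadata.util.PKCS11PrivateKeyFactoryBean">
                <!-- PKCS#11 configuration file specifying the token. -->
                <property name="pkcs11Config" value="path/to/pkcs11.cfg"/>
                <!-- Token password. Example value only; do not ship a real password in clear text (see header). -->
                <property name="keyPassword" value="pfd36nRqhwBf"/>
                <!-- Alias selecting which of the token's keys to use. -->
                <property name="keyAlias" value="key10"/>
            </bean>
        </property>
    </bean>

    <!-- Writes the signed document to the output file. -->
    <bean id="serialize" class="net.shibboleth.metadata.pipeline.SerializationStage">
        <!-- Stage id kept equal to the bean id, consistent with the other stages. -->
        <property name="id" value="serialize"/>
        <property name="outputFile">
            <bean class="java.io.File">
                <constructor-arg value="path/to/output.xml"/>
            </bean>
        </property>
        <property name="serializer">
            <bean id="domSerializer" class="net.shibboleth.metadata.dom.DOMElementSerializer"/>
        </property>
    </bean>

    <!-- Next we define a pipeline with all the stages in it -->
    <bean id="main" class="net.shibboleth.metadata.pipeline.SimplePipeline" init-method="initialize">
        <property name="id" value="main"/>
        <property name="stages">
            <!-- Order matters: the ID must exist before signing, and signing must precede serialization. -->
            <list>
                <ref bean="source"/>
                <ref bean="generateContentReferenceId"/>
                <ref bean="signMetadata"/>
                <ref bean="serialize"/>
            </list>
        </property>
    </bean>
</beans>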