...
reads the UK federation metadata aggregate from its distribution site
verifies the aggregate's signature using the X.509 certificate taken from
path/to/ukfederation-2014.pem
removes three specific (imaginary) entities belonging to the Shibboleth project (example.com domain)
removes all entity role descriptors other than
IDPSSODescriptor, SPSSODescriptor or AttributeAuthorityDescriptor
removes any person or organization contact information
writes the results into the file
path/to/output.xml
...
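<?xml version="1.0" encoding="UTF-8"?>
<beans default-init-method="initialize"
       xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <!-- HTTP client used by the source stage to fetch the aggregate. -->
    <bean id="httpClientBuilder" class="net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder"/>
    <bean id="httpClient" factory-bean="httpClientBuilder" factory-method="buildClient"/>

    <!-- First, we define the stages for our pipeline -->

    <!--
        Stage 1: read the UK federation aggregate.
        The document is fetched over plain HTTP, so the transport provides no
        integrity or authenticity. Both come from the validateSignature stage
        below; if this URL is kept, that stage must stay in the pipeline.
    -->
    <bean id="source" class="net.shibboleth.metadata.dom.DOMResourceSourceStage">
        <property name="id" value="source"/>
        <!-- The aggregate is untrusted input until its signature is verified.
             DTD/external-entity hardening is whatever this parser pool's
             defaults provide; NOTE(review): confirm for the library version in use. -->
        <property name="parserPool">
            <bean class="net.shibboleth.utilities.java.support.xml.BasicParserPool" init-method="initialize"/>
        </property>
        <property name="DOMResource">
            <bean class="net.shibboleth.ext.spring.resource.HTTPResource">
                <constructor-arg ref="httpClient"/>
                <constructor-arg value="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"/>
            </bean>
        </property>
    </bean>

    <!--
        Stage 2: verify the aggregate's XML signature.
        The certificate file is the trust anchor for everything downstream and
        must be obtained out-of-band from the federation, not from the aggregate
        itself. Keep this stage directly after source: the filter stages that
        follow alter the document, and a signature check run after them would
        no longer match the signed content.
    -->
    <bean id="validateSignature" class="net.shibboleth.metadata.dom.XMLSignatureValidationStage">
        <property name="id" value="validateSignature"/>
        <property name="verificationCertificate">
            <bean class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
                <property name="resource">
                    <bean class="org.springframework.core.io.FileSystemResource">
                        <constructor-arg>
                            <bean class="java.io.File">
                                <constructor-arg value="path/to/ukfederation-2014.pem"/>
                            </bean>
                        </constructor-arg>
                    </bean>
                </property>
            </bean>
        </property>
    </bean>

    <!--
        Stage 3: drop the three designated entities.
        The entityIDs below are placeholders for the imaginary entities
        described in the surrounding text; replace them with real values.
    -->
    <bean id="removeEntities" class="net.shibboleth.metadata.dom.saml.EntityFilterStage">
        <property name="id" value="removeEntities"/>
        <property name="designatedEntities">
            <list>
                <value>https://idp.shibbolethexample.netcom/idp/shibboleth</value>
                <value>https://issues.shibbolethexample.netcom/shibboleth</value>
                <value>https://wiki.shibbolethexample.netcom/shibboleth</value>
            </list>
        </property>
    </bean>

    <!--
        Stage 4: keep only the listed role descriptors.
        whitelistingRoles="true" makes designatedRoles the set of roles to
        RETAIN; every other role descriptor is removed.
    -->
    <bean id="removeRoles" class="net.shibboleth.metadata.dom.saml.EntityRoleFilterStage">
        <property name="id" value="removeRoles"/>
        <property name="whitelistingRoles" value="true"/>
        <property name="designatedRoles">
            <list>
                <bean class="javax.xml.namespace.QName">
                    <constructor-arg value="urn:oasis:names:tc:SAML:2.0:metadata"/>
                    <constructor-arg value="IDPSSODescriptor"/>
                </bean>
                <bean class="javax.xml.namespace.QName">
                    <constructor-arg value="urn:oasis:names:tc:SAML:2.0:metadata"/>
                    <constructor-arg value="AttributeAuthorityDescriptor"/>
                </bean>
                <bean class="javax.xml.namespace.QName">
                    <constructor-arg value="urn:oasis:names:tc:SAML:2.0:metadata"/>
                    <constructor-arg value="SPSSODescriptor"/>
                </bean>
            </list>
        </property>
    </bean>

    <!--
        Stage 5: remove contact persons.
        whitelistingTypes="false" turns the stage's designated types into a
        blacklist. No designatedTypes are set here, so the result depends on
        the stage's default type set; NOTE(review): confirm that the default
        covers every ContactPerson type you intend to strip.
    -->
    <bean id="removeInvalidContactPerson" class="net.shibboleth.metadata.dom.saml.ContactPersonFilterStage">
        <property name="id" value="removeInvalidContactPerson"/>
        <property name="whitelistingTypes" value="false"/>
    </bean>

    <!-- Stage 6: remove Organization elements. -->
    <bean id="removeOrganization" class="net.shibboleth.metadata.dom.saml.RemoveOrganizationStage">
        <property name="id" value="removeOrganization"/>
    </bean>

    <!--
        Stage 7: write the filtered aggregate to disk.
        The stage id matches the bean id, following the convention used by
        every other stage in this file (it previously read "serializeIdPs").
    -->
    <bean id="serialize" class="net.shibboleth.metadata.pipeline.SerializationStage">
        <property name="id" value="serialize"/>
        <property name="outputFile">
            <bean class="java.io.File">
                <constructor-arg value="path/to/output.xml"/>
            </bean>
        </property>
        <property name="serializer">
            <bean id="domSerializer" class="net.shibboleth.metadata.dom.DOMElementSerializer"/>
        </property>
    </bean>

    <!-- Next we define a pipeline with all the stages in it -->

    <!--
        Stage order is significant: source must run first, validateSignature
        must precede every stage that modifies the document, and serialize
        must run last so it writes the fully filtered result.
    -->
    <bean id="main" class="net.shibboleth.metadata.pipeline.SimplePipeline">
        <property name="id" value="main"/>
        <property name="stages">
            <list>
                <ref bean="source"/>
                <ref bean="validateSignature"/>
                <ref bean="removeEntities"/>
                <ref bean="removeRoles"/>
                <ref bean="removeInvalidContactPerson"/>
                <ref bean="removeOrganization"/>
                <ref bean="serialize"/>
            </list>
        </property>
    </bean>

</beans>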
...