Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

inc-meta/mdx/common-beans.xml

Go to file
@iay
iay Merge upstream for incommon-v13
Latest commit 275b647 Sep 27, 2024 History
1 contributor

Users who have contributed to this file

1285 lines (1103 sloc) 55.5 KB
Raw Blame
<?xml version="1.0" encoding="UTF-8"?>
<!--
Common bean definitions.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
default-lazy-init="true"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!--
Enable property placeholder replacement from system properties only.
-->
<context:property-placeholder/>
<!--
Pick up Shibboleth MDA beans.
-->
<import resource="classpath:net/shibboleth/metadata/beans.xml"/>
<!--
Pick up UK federation MDA beans.
-->
<import resource="classpath:uk/org/ukfederation/mda/beans.xml"/>
<!--
***********************************
*** ***
*** P A R E N T B E A N S ***
*** ***
***********************************
-->
<!--
Java class parent shorthand beans.
-->
<bean id="File" abstract="true" class="java.io.File"/>
<bean id="Instant" abstract="true" class="java.time.Instant"/>
<bean id="String" abstract="true" class="java.lang.String"/>
<bean id="QName" abstract="true" class="javax.xml.namespace.QName"/>
<!--
Spring resource class parent shorthand beans.
-->
<bean id="ClassPathResource" abstract="true"
class="org.springframework.core.io.ClassPathResource"/>
<bean id="FileSystemResource" abstract="true"
class="org.springframework.core.io.FileSystemResource"/>
<!--
component_parent
Parent for anything based on the Shibboleth component system.
These all require initialization before use.
-->
<bean id="component_parent" abstract="true"
init-method="initialize" destroy-method="destroy"/>
<!--
XMLSignatureValidationStage
Parent for XML Signature validation stages.
Applies global algorithm exclusions. For values, see:
http://www.w3.org/TR/xmlsec-algorithms/
Establishes a default of *not* permitting empty references
in signatures, per the SAML specification. This will be
overridden in specific beans where a signature is known to
require it.
-->
<bean id="XMLSignatureValidationStage" abstract="true" parent="mda.XMLSignatureValidationStage">
<property name="disallowedDigests">
<list>
<value>http://www.w3.org/2001/04/xmldsig-more#md5</value>
</list>
</property>
<property name="disallowedSignatureMethods">
<list>
<value>http://www.w3.org/2001/04/xmldsig-more#rsa-md5</value>
</list>
</property>
<property name="permittingEmptyReferences" value="false"/>
</bean>
<!--
XMLSignatureValidationStageSHA256
Parent for XML signature validation stages where we know
the signature will not be made with MD5 or SHA-1.
-->
<bean id="XMLSignatureValidationStageSHA256" abstract="true"
parent="XMLSignatureValidationStage">
<property name="disallowedDigests">
<list>
<value>http://www.w3.org/2000/09/xmldsig#sha1</value>
<value>http://www.w3.org/2001/04/xmldsig-more#md5</value>
</list>
</property>
<property name="disallowedSignatureMethods">
<list>
<value>http://www.w3.org/2000/09/xmldsig#rsa-sha1</value>
<value>http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1</value>
<value>http://www.w3.org/2001/04/xmldsig-more#rsa-md5</value>
</list>
</property>
</bean>
<!-- *** Default Shibboleth component bean id property from Spring bean id *** -->
<bean parent="mda.IdentifiableBeanPostProcessor" lazy-init="false"/>
<!--
*****************************
*** ***
*** U T I L I T I E S ***
*** ***
*****************************
-->
<!-- This bean MUST be called "conversionService" to work properly. -->
<bean id="conversionService" class="org.springframework.context.support.ConversionServiceFactoryBean">
<property name="converters">
<set>
<bean parent="mda.StringToDurationConverter"/>
<bean parent="mda.StringToIPRangeConverter"/>
<bean parent="mda.BooleanToPredicateConverter"/>
<bean parent="mda.StringBooleanToPredicateConverter"/>
<bean parent="mda.StringToResourceConverter"/>
</set>
</property>
</bean>
<!--
*******************************************************
*** ***
*** D A T E A N D T I M E H A N D L I N G ***
*** ***
*******************************************************
-->
<!--
Approximately when the Spring context was initialised,
as a java.time.Instant.
-->
<bean id="start_instant_raw" parent="Instant" factory-method="now"/>
<!--
A java.time.Instant representing 00:00:00Z today.
We use this to pin timestamps in aggregates intended for comparison.
-->
<bean id="today_instant_raw" parent="Instant" factory-method="from"
c:_="#{ start_instant_raw.truncatedTo(T(java.time.temporal.ChronoUnit).DAYS) }"/>
<!--
Select the instant to use as "now" in places like aggregate generation.
By default, this will be the time the Spring context was initialised.
This may be overridden in order to provide a stable value for
run-to-run comparisons.
Set the now.instant.raw.name to the name of the overriding value bean.
If running from build.xml using ant, this needs to be prefixed by "mda.".
Example:
ant -Dmda.now.instant.raw.name=today_instant_raw ...
-->
<bean id="now_instant_raw" parent="Instant" factory-method="from"
c:_-ref="${now.instant.raw.name:start_instant_raw}"/>
<!--
now_instant_raw can have any precision. To get somewhat consistent
output, derive a new now_instant that truncates that to the second.
-->
<bean id="now_instant" parent="Instant" factory-method="from"
c:_="#{ now_instant_raw.truncatedTo(T(java.time.temporal.ChronoUnit).SECONDS) }"/>
<!--
Strings representing now_instant as an ISO 8601 UTC date/time
and as an ISO 8601 date.
-->
<bean id="now_ISO" parent="String" c:_="#{ now_instant.toString() }"/>
<bean id="now_date_ISO" parent="String" c:_="#{ now_ISO.substring(0,10) }"/>
<!--
The now_instant as a local date/time (in the system default
timezone), and as an ISO 8601 representation of that.
-->
<bean id="now_local" class="java.time.LocalDateTime"
factory-method="ofInstant"
c:_0-ref="now_instant"
c:_1="#{ T(java.time.ZoneId).systemDefault() }"/>
<bean id="now_local_ISO" parent="String" c:_="#{ now_local.toString() }"/>
<!--
Make a value for the validUntil attribute for any aggregates we
generate.
This is based on the now_instant plus a number of days specified
by the validUntil.aggregate.days property (or 14 days if for some reason
that is not defined).
Assumes that a day is exactly 86400 seconds, which is close enough for
these purposes.
-->
<bean id="validUntil_aggregate_days" class="java.lang.Integer" factory-method="parseInt"
c:_="${validUntil.aggregate.days:14}"/>
<bean id="validUntil_aggregate_ISO" parent="String"
c:_="#{ now_instant.plusSeconds(86400*validUntil_aggregate_days).toString()}"/>
<!--
***********************************************
*** ***
*** N A M E S P A C E H A N D L I N G ***
*** ***
***********************************************
-->
<!--
Namespace URI beans.
One String bean for each of the common namespaces, named by its prefix.
-->
<bean id="alg_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<bean id="ds_namespace" parent="String" c:_="http://www.w3.org/2000/09/xmldsig#"/>
<bean id="dsig11_namespace" parent="String" c:_="http://www.w3.org/2009/xmldsig11#"/>
<bean id="hoksso_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser"/>
<bean id="icmd_namespace" parent="String" c:_="http://id.incommon.org/metadata"/>
<bean id="idpdisc_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"/>
<bean id="init_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:profiles:SSO:request-init"/>
<bean id="md_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:2.0:metadata"/>
<bean id="mdattr_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:metadata:attribute"/>
<bean id="mdrpi_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:metadata:rpi"/>
<bean id="mdui_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:metadata:ui"/>
<bean id="remd_namespace" parent="String" c:_="http://refeds.org/metadata"/>
<bean id="saml_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:2.0:assertion"/>
<bean id="samlp_namespace" parent="String" c:_="urn:oasis:names:tc:SAML:2.0:protocol"/>
<bean id="shibmd_namespace" parent="String" c:_="urn:mace:shibboleth:metadata:1.0"/>
<bean id="ukfedlabel_namespace" parent="String" c:_="http://ukfederation.org.uk/2006/11/label"/>
<bean id="xenc_namespace" parent="String" c:_="http://www.w3.org/2001/04/xmlenc#"/>
<bean id="xenc11_namespace" parent="String" c:_="http://www.w3.org/2009/xmlenc11#"/>
<bean id="xml_namespace" parent="String" c:_="http://www.w3.org/XML/1998/namespace"/>
<bean id="xs_namespace" parent="String" c:_="http://www.w3.org/2001/XMLSchema"/>
<bean id="xsi_namespace" parent="String" c:_="http://www.w3.org/2001/XMLSchema-instance"/>
<bean id="xsl_namespace" parent="String" c:_="http://www.w3.org/1999/XSL/Transform"/>
<!--
commonNamespaces
A NamespaceContext that assigns the usual prefix for each of the commonly used XML namespaces.
This is used in the evaluation of XPath expressions.
-->
<bean id="commonNamespaces" parent="mda.SimpleNamespaceContext">
<constructor-arg>
<util:map map-class="java.util.HashMap">
<entry key="alg" value-ref="alg_namespace"/>
<entry key="ds" value-ref="ds_namespace"/>
<entry key="dsig11" value-ref="dsig11_namespace"/>
<entry key="hoksso" value-ref="hoksso_namespace"/>
<entry key="icmd" value-ref="icmd_namespace"/>
<entry key="idpdisc" value-ref="idpdisc_namespace"/>
<entry key="init" value-ref="init_namespace"/>
<entry key="md" value-ref="md_namespace"/>
<entry key="mdattr" value-ref="mdattr_namespace"/>
<entry key="mdrpi" value-ref="mdrpi_namespace"/>
<entry key="mdui" value-ref="mdui_namespace"/>
<entry key="remd" value-ref="remd_namespace"/>
<entry key="saml" value-ref="saml_namespace"/>
<entry key="samlp" value-ref="samlp_namespace"/>
<entry key="shibmd" value-ref="shibmd_namespace"/>
<entry key="ukfedlabel" value-ref="ukfedlabel_namespace"/>
<entry key="xenc" value-ref="xenc_namespace"/>
<entry key="xenc11" value-ref="xenc11_namespace"/>
<entry key="xs" value-ref="xs_namespace"/>
<entry key="xsi" value-ref="xsi_namespace"/>
<entry key="xsl" value-ref="xsl_namespace"/>
</util:map>
</constructor-arg>
</bean>
<!--
stripAlgNamespace
Remove the algorithm support namespace.
-->
<bean id="stripAlgNamespace" parent="mda.NamespaceStrippingStage"
p:namespace-ref="alg_namespace"/>
<!--
stripIdpdiscNamespace
Remove the IdP discovery namespace.
-->
<bean id="stripIdpdiscNamespace" parent="mda.NamespaceStrippingStage"
p:namespace-ref="idpdisc_namespace"/>
<!--
stripInitNamespace
Remove the session initiation namespace.
-->
<bean id="stripInitNamespace" parent="mda.NamespaceStrippingStage"
p:namespace-ref="init_namespace"/>
<!--
stripMdattrNamespace
Remove the namespace used by the entity attributes extension.
-->
<bean id="stripMdattrNamespace" parent="mda.NamespaceStrippingStage"
p:namespace-ref="mdattr_namespace"/>
<!--
stripMdrpiNamespace
Remove the namespace used by the registration and publication metdata extension.
-->
<bean id="stripMdrpiNamespace" parent="mda.NamespaceStrippingStage"
p:namespace-ref="mdrpi_namespace"/>
<!--
stripUkfedlabelNamespace
Remove the UK federation label namespace.
-->
<bean id="stripUkfedlabelNamespace" parent="mda.NamespaceStrippingStage"
p:namespace-ref="ukfedlabel_namespace"/>
<!--
stripXsiNamespace
Strip the XML Schema Instance namespace.
-->
<bean id="stripXsiNamespace" parent="mda.NamespaceStrippingStage"
p:namespace-ref="xsi_namespace"/>
<!--
normaliseNamespaces
A pipeline stage that can be used before serialisation to normalise the namespaces
used in an XML document.
-->
<bean id="normaliseNamespaces" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:ns_norm.xsl"/>
<!--
***************************************************
*** ***
*** V A L I D A T I O N F R A M E W O R K ***
*** ***
***************************************************
-->
<!--
Import beans that perform individual validation checks.
-->
<import resource="classpath:validation-beans.xml"/>
<!--
Federation registrationAuthority URIs.
Bean names are generally constructed from the 2-letter
ISO country code, underscore, and the federation acronym.
The list is ordered by bean name.
-->
<bean id="al_rash_registrar" parent="String" c:_="https://eduid.rash.al"/>
<bean id="am_afire_registrar" parent="String" c:_="https://aai.asnet.am"/>
<bean id="ar_mate_registrar" parent="String" c:_="http://www.federacionmate.gob.ar"/>
<bean id="at_aconet_registrar" parent="String" c:_="http://eduid.at"/>
<bean id="au_aaf_registrar" parent="String" c:_="https://aaf.edu.au"/>
<bean id="az_sciencenet_registrar" parent="String" c:_="http://edugain.azsciencenet.az"/>
<bean id="bd_tigerfed_registrar" parent="String" c:_="https://tigerfed.net.bd"/>
<bean id="be_belnet_registrar" parent="String" c:_="http://federation.belnet.be/"/>
<bean id="bg_bif_registrar" parent="String" c:_="https://bif.bren.bg"/>
<bean id="br_cafe_registrar" parent="String" c:_="http://cafe.rnp.br"/>
<bean id="by_febas_registrar" parent="String" c:_="https://febas.basnet.by"/>
<bean id="ca_caf_registrar" parent="String" c:_="http://www.canarie.ca"/>
<bean id="ch_switchaai_registrar" parent="String" c:_="http://rr.aai.switch.ch/"/>
<bean id="cl_cofre_registrar" parent="String" c:_="http://cofre.reuna.cl"/>
<bean id="cn_carsi_registrar" parent="String" c:_="https://www.carsi.edu.cn"/>
<bean id="cn_cstcloud_registrar" parent="String" c:_="https://www.cstcloud.net/"/>
<bean id="co_colfire_registrar" parent="String" c:_="http://colfire.co"/>
<bean id="cy_cynet_registrar" parent="String" c:_="https://cif.cynet.ac.cy"/>
<bean id="cz_eduid_registrar" parent="String" c:_="http://www.eduid.cz/"/>
<bean id="de_dfnaai_registrar" parent="String" c:_="https://www.aai.dfn.de"/>
<bean id="dk_wayf_registrar" parent="String" c:_="https://www.wayf.dk"/>
<bean id="dz_arnaai_registrar" parent="String" c:_="https://www.aai.arn.dz/"/>
<bean id="ec_minga_registrar" parent="String" c:_="https://minga.cedia.org.ec"/>
<bean id="ee_taat_registrar" parent="String" c:_="http://taat.edu.ee"/>
<bean id="es_sir_registrar" parent="String" c:_="http://www.rediris.es/"/>
<bean id="fi_haka_registrar" parent="String" c:_="http://www.csc.fi/haka"/>
<bean id="fr_renater_registrar" parent="String" c:_="https://federation.renater.fr/"/>
<bean id="ge_gif_registrar" parent="String" c:_="https://mtd.gif.grena.ge"/>
<bean id="gr_grnet_registrar" parent="String" c:_="http://aai.grnet.gr/"/>
<bean id="hk_hkaf_registrar" parent="String" c:_="https://hkaf.edu.hk"/>
<bean id="hr_eduhr_registrar" parent="String" c:_="http://www.srce.hr"/>
<bean id="hu_eduid_registrar" parent="String" c:_="http://eduid.hu"/>
<bean id="ie_edugate_registrar" parent="String" c:_="http://www.heanet.ie"/>
<bean id="il_iif_registrar" parent="String" c:_="http://iif.iucc.ac.il"/>
<bean id="in_infed_registrar" parent="String" c:_="http://inflibnet.ac.in"/>
<bean id="ir_irfed_registrar" parent="String" c:_="https://irfed.ir/"/>
<bean id="it_gridp_registrar" parent="String" c:_="http://gridp.garr.it"/>
<bean id="it_idem_registrar" parent="String" c:_="http://www.idem.garr.it/"/>
<bean id="jp_gakunin_registrar" parent="String" c:_="https://www.gakunin.jp"/>
<bean id="kr_kafe_registrar" parent="String" c:_="http://kafe.kreonet.net"/>
<bean id="kg_krena_registrar" parent="String" c:_="https://www.kif.kg"/>
<bean id="lb_life_registrar" parent="String" c:_="http://life.aub.edu.lb"/><!-- A guess -->
<bean id="lk_liaf_registrar" parent="String" c:_="https://liaf.ac.lk"/>
<bean id="lt_litnet_registrar" parent="String" c:_="https://fedi.litnet.lt"/>
<bean id="lu_eduid_registrar" parent="String" c:_="http://eduid.lu"/>
<bean id="lv_laife_registrar" parent="String" c:_="http://laife.lanet.lv/"/>
<bean id="ma_eduidm_registrar" parent="String" c:_="https://eduidm.ma"/>
<bean id="md_leaf_registrar" parent="String" c:_="http://federations.renam.md/"/>
<bean id="me_eduid_registrar" parent="String" c:_="http://mren.ac.me"/><!-- A guess -->
<bean id="mk_aaiedumk_registrar" parent="String" c:_="https://rr.aaiedu.mk"/>
<bean id="mt_ricerca_registrar" parent="String" c:_="https://id.ricerka.net.mt"/>
<bean id="mw_maren_registrar" parent="String" c:_="https://maren.ac.mw"/><!-- A guess -->
<bean id="my_sifulan_registrar" parent="String" c:_="https://sifulan.my"/>
<bean id="mx_fenix_registrar" parent="String" c:_="http://www.fenix.org.mx"/>
<bean id="mz_cafmoz_registrar" parent="String" c:_="http://cafmoz.morenet.ac.mz"/>
<bean id="nl_surfconext_registrar" parent="String" c:_="http://www.surfconext.nl/"/>
<bean id="ng_eduidng_registrar" parent="String" c:_="https://www.eduid.ng"/>
<bean id="no_feide_registrar" parent="String" c:_="http://feide.no/"/>
<bean id="nz_tuakiri_registrar" parent="String" c:_="https://tuakiri.ac.nz/"/>
<bean id="om_omankid_registrar" parent="String" c:_="https://www.trc.gov.om/trcweb/"/>
<bean id="om_omren_registrar" parent="String" c:_="http://www.omren.om"/>
<bean id="pk_pkifed_registrar" parent="String" c:_="https://pkifed.pk"/>
<bean id="pl_pionier_registrar" parent="String" c:_="https://aai.pionier.net.pl"/>
<bean id="pt_rctsaai_registrar" parent="String" c:_="https://www.fccn.pt"/>
<bean id="ro_edunetid_registrar" parent="String" c:_="http://eduid.roedu.net"/>
<bean id="rs_amres_registrar" parent="String" c:_="http://amres.ac.rs/"/><!-- A guess -->
<bean id="ru_fedurus_registrar" parent="String" c:_="http://arbicon.ru"/>
<bean id="ru_runnet_registrar" parent="String" c:_="http://runnet.ru/"/>
<bean id="sa_maeen_registrar" parent="String" c:_="https://www.maeen.sa"/>
<bean id="se_swamid_registrar" parent="String" c:_="http://www.swamid.se/"/>
<bean id="sg_sgaf_registrar" parent="String" c:_="https://www.singaren.net.sg"/>
<bean id="si_arnes_registrar" parent="String" c:_="http://aai.arnes.si"/>
<bean id="sk_safeid_registrar" parent="String" c:_="http://safeid.sk"/>
<bean id="th_thaiidf_registrar" parent="String" c:_="http://idf.thairen.net.th"/>
<bean id="tj_tarena_registrar" parent="String" c:_="http://www.tidf.tj/"/>
<bean id="tr_yetkim_registrar" parent="String" c:_="https://yetkim.org.tr/"/>
<bean id="ua_peano_registrar" parent="String" c:_="https://peano.uran.ua"/>
<bean id="ug_rif_registrar" parent="String" c:_="https://www.renu.ac.ug"/>
<bean id="uk_ukf_registrar" parent="String" c:_="http://ukfederation.org.uk"/>
<bean id="us_incommon_registrar" parent="String" c:_="https://incommon.org"/>
<bean id="za_safire_registrar" parent="String" c:_="https://safire.ac.za"/>
<bean id="zm_fidern_registrar" parent="String" c:_="https://fidern.ac.zm"/>
<!--
registrationAuthorityDisplayNameMap
Map from registration authority URIs to short codes
suitable for presentation in messages.
-->
<util:map id="registrationAuthorityDisplayNameMap">
<!--
eduGAIN participant registration authority display names as country codes.
The display name for a country with only one registrar
is the ISO 2-letter country code.
If there is more than one registrar, each will be given
a display name constructed from the country code, a hyphen,
and a federation acronym.
The ordering here is as on the eduGAIN status page:
https://technical.edugain.org/status
-->
<entry key-ref="au_aaf_registrar" value="AU"/>
<entry key-ref="hr_eduhr_registrar" value="HR"/>
<entry key-ref="mk_aaiedumk_registrar" value="MK"/>
<entry key-ref="at_aconet_registrar" value="AT"/>
<entry key-ref="am_afire_registrar" value="AM"/>
<entry key-ref="dz_arnaai_registrar" value="DZ"/>
<entry key-ref="si_arnes_registrar" value="SI"/>
<entry key-ref="be_belnet_registrar" value="BE"/>
<entry key-ref="bg_bif_registrar" value="BG"/>
<entry key-ref="ca_caf_registrar" value="CA"/>
<entry key-ref="br_cafe_registrar" value="BR"/>
<entry key-ref="mz_cafmoz_registrar" value="MZ"/>
<entry key-ref="cn_carsi_registrar" value="CN-CARSI"/>
<entry key-ref="cl_cofre_registrar" value="CL"/>
<entry key-ref="co_colfire_registrar" value="CO"/>
<entry key-ref="cn_cstcloud_registrar" value="CN-CSTCLOUD"/>
<entry key-ref="cy_cynet_registrar" value="CY"/>
<entry key-ref="de_dfnaai_registrar" value="DE"/>
<entry key-ref="ie_edugate_registrar" value="IE"/>
<entry key-ref="cz_eduid_registrar" value="CZ"/>
<entry key-ref="hu_eduid_registrar" value="HU"/>
<entry key-ref="lu_eduid_registrar" value="LU"/>
<entry key-ref="ng_eduidng_registrar" value="NG"/>
<entry key-ref="ma_eduidm_registrar" value="MA"/>
<entry key-ref="by_febas_registrar" value="BY"/>
<entry key-ref="ru_fedurus_registrar" value="RU-FEDURUS"/>
<entry key-ref="no_feide_registrar" value="NO"/>
<entry key-ref="mx_fenix_registrar" value="MX"/>
<entry key-ref="fr_renater_registrar" value="FR"/>
<entry key-ref="zm_fidern_registrar" value="ZM"/>
<entry key-ref="jp_gakunin_registrar" value="JP"/>
<entry key-ref="ge_gif_registrar" value="GE"/>
<entry key-ref="gr_grnet_registrar" value="GR"/>
<entry key-ref="fi_haka_registrar" value="FI"/>
<entry key-ref="hk_hkaf_registrar" value="HK"/>
<entry key-ref="it_idem_registrar" value="IT"/>
<entry key-ref="us_incommon_registrar" value="US"/>
<entry key-ref="in_infed_registrar" value="IN"/>
<entry key-ref="ir_irfed_registrar" value="IR"/>
<entry key-ref="il_iif_registrar" value="IL"/>
<entry key-ref="kr_kafe_registrar" value="KR"/>
<entry key-ref="kg_krena_registrar" value="KG"/>
<entry key-ref="lv_laife_registrar" value="LV"/>
<entry key-ref="md_leaf_registrar" value="MD"/>
<entry key-ref="lt_litnet_registrar" value="LT"/>
<entry key-ref="lk_liaf_registrar" value="LK"/>
<entry key-ref="ar_mate_registrar" value="AR"/>
<entry key-ref="ec_minga_registrar" value="EC"/>
<entry key-ref="om_omankid_registrar" value="OM-KID"/>
<entry key-ref="om_omren_registrar" value="OM-REN"/>
<entry key-ref="ua_peano_registrar" value="UA"/>
<entry key-ref="pl_pionier_registrar" value="PL"/>
<entry key-ref="pk_pkifed_registrar" value="PK"/>
<entry key-ref="al_rash_registrar" value="AL"/>
<entry key-ref="pt_rctsaai_registrar" value="PT"/>
<entry key-ref="mt_ricerca_registrar" value="MT"/>
<entry key-ref="ug_rif_registrar" value="UG"/>
<entry key-ref="ro_edunetid_registrar" value="RO"/>
<entry key-ref="ru_runnet_registrar" value="RU-RUNNET"/>
<entry key-ref="sa_maeen_registrar" value="SA"/>
<entry key-ref="sk_safeid_registrar" value="SK"/>
<entry key-ref="za_safire_registrar" value="ZA"/>
<entry key-ref="sg_sgaf_registrar" value="SG"/>
<entry key-ref="my_sifulan_registrar" value="MY"/>
<entry key-ref="es_sir_registrar" value="ES"/>
<entry key-ref="nl_surfconext_registrar" value="NL"/>
<entry key-ref="se_swamid_registrar" value="SE"/>
<entry key-ref="ch_switchaai_registrar" value="CH"/>
<entry key-ref="ee_taat_registrar" value="EE"/>
<entry key-ref="th_thaiidf_registrar" value="TH"/>
<entry key-ref="bd_tigerfed_registrar" value="BD"/>
<entry key-ref="nz_tuakiri_registrar" value="NZ"/>
<entry key-ref="uk_ukf_registrar" value="UK"/>
<entry key-ref="dk_wayf_registrar" value="DK"/>
<entry key-ref="tr_yetkim_registrar" value="TR"/>
<!-- eduGAIN voting-only members -->
<entry key-ref="it_gridp_registrar" value="IT-GRIDP"/>
<!-- eduGAIN candidates -->
<entry key-ref="az_sciencenet_registrar" value="AZ"/>
<entry key-ref="me_eduid_registrar" value="ME"/>
<entry key-ref="rs_amres_registrar" value="RS"/>
<entry key-ref="lb_life_registrar" value="LB"/>
<entry key-ref="mw_maren_registrar" value="MW"/>
<entry key-ref="tj_tarena_registrar" value="TJ"/>
</util:map>
<!--
identificationStrategy
Standard item identifier strategy.
-->
<bean id="identificationStrategy" class="net.shibboleth.metadata.dom.saml.mdrpi.RegistrationAuthorityItemIdentificationStrategy"
p:registrationAuthorityDisplayNames-ref="registrationAuthorityDisplayNameMap">
<property name="ignoredRegistrationAuthorities">
<set>
<ref bean="us_incommon_registrar"/>
</set>
</property>
</bean>
<!--
errorAnnouncer
A pipeline stage that logs any errors present,
but takes no action on them.
-->
<bean id="errorAnnouncer" parent="mda.StatusMetadataLoggingStage">
<property name="identificationStrategy" ref="identificationStrategy"/>
<property name="selectionRequirements">
<list>
<value>#{T(net.shibboleth.metadata.ErrorStatus)}</value>
</list>
</property>
</bean>
<!--
infoAnnouncer
A pipeline stage that logs any info metadata present,
but takes no action on them.
-->
<bean id="infoAnnouncer" parent="mda.StatusMetadataLoggingStage">
<property name="identificationStrategy" ref="identificationStrategy"/>
<property name="selectionRequirements">
<list>
<value>#{T(net.shibboleth.metadata.InfoStatus)}</value>
</list>
</property>
</bean>
<!--
warningAnnouncer
A pipeline stage that logs any warnings present,
but takes no action on them.
-->
<bean id="warningAnnouncer" parent="mda.StatusMetadataLoggingStage">
<property name="identificationStrategy" ref="identificationStrategy"/>
<property name="selectionRequirements">
<list>
<value>#{T(net.shibboleth.metadata.WarningStatus)}</value>
</list>
</property>
</bean>
<!--
warningAndErrorAnnouncer
A pipeline stage that logs any errors and warnings present,
but takes no action on them.
-->
<bean id="warningAndErrorAnnouncer" parent="mda.StatusMetadataLoggingStage">
<property name="identificationStrategy" ref="identificationStrategy"/>
<property name="selectionRequirements">
<list>
<value>#{T(net.shibboleth.metadata.ErrorStatus)}</value>
<value>#{T(net.shibboleth.metadata.WarningStatus)}</value>
</list>
</property>
</bean>
<!--
errorRemover
This pipeline stage removes any items marked with an error status.
-->
<bean id="errorRemover" parent="mda.ItemMetadataFilterStage">
<property name="identificationStrategy" ref="identificationStrategy"/>
<property name="selectionRequirements">
<list>
<value>#{T(net.shibboleth.metadata.ErrorStatus)}</value>
</list>
</property>
</bean>
<!--
errorTerminator
This pipeline stage causes CLI termination if any item is marked with an error status.
-->
<bean id="errorTerminator" parent="mda.ItemMetadataTerminationStage">
<property name="identificationStrategy" ref="identificationStrategy"/>
<property name="selectionRequirements">
<list>
<value>#{T(net.shibboleth.metadata.ErrorStatus)}</value>
</list>
</property>
</bean>
<!--
errorAnnouncingFilter
Announce any errors or warnings encountered, then remove
any items that had errors. Items with just warnings are retained.
-->
<bean id="errorAnnouncingFilter" parent="mda.CompositeStage">
<property name="stages">
<list>
<ref bean="warningAndErrorAnnouncer"/>
<ref bean="errorRemover"/>
</list>
</property>
</bean>
<!--
errorTerminatingFilter
Announces any errors encountered, and then terminates if any are present.
Warnings are not announced, and do not cause termination.
-->
<bean id="errorTerminatingFilter" parent="mda.CompositeStage">
<property name="stages">
<list>
<ref bean="errorAnnouncer"/>
<ref bean="errorTerminator"/>
</list>
</property>
</bean>
<!--
*************************************
*** ***
*** S A M L M E T A D A T A ***
*** ***
*************************************
-->
<!--
QNames for SAML metadata elements.
-->
<bean id="md-AdditionalMetadataLocation" parent="QName" c:_0-ref="md_namespace" c:_1="AdditionalMetadataLocation"/>
<bean id="md-ArtifactResolutionService" parent="QName" c:_0-ref="md_namespace" c:_1="ArtifactResolutionService"/>
<bean id="md-AssertionConsumerService" parent="QName" c:_0-ref="md_namespace" c:_1="AssertionConsumerService"/>
<bean id="md-AssertionIDRequestService" parent="QName" c:_0-ref="md_namespace" c:_1="AssertionIDRequestService"/>
<bean id="md-AttributeProfile" parent="QName" c:_0-ref="md_namespace" c:_1="AttributeProfile"/>
<bean id="md-AttributeService" parent="QName" c:_0-ref="md_namespace" c:_1="AttributeService"/>
<bean id="md-AuthnQueryService" parent="QName" c:_0-ref="md_namespace" c:_1="AuthnQueryService"/>
<bean id="md-AuthzService" parent="QName" c:_0-ref="md_namespace" c:_1="AuthzService"/>
<bean id="md-Company" parent="QName" c:_0-ref="md_namespace" c:_1="Company"/>
<bean id="md-EmailAddress" parent="QName" c:_0-ref="md_namespace" c:_1="EmailAddress"/>
<bean id="md-GivenName" parent="QName" c:_0-ref="md_namespace" c:_1="GivenName"/>
<bean id="md-ManageNameIDService" parent="QName" c:_0-ref="md_namespace" c:_1="ManageNameIDService"/>
<bean id="md-NameIDFormat" parent="QName" c:_0-ref="md_namespace" c:_1="NameIDFormat"/>
<bean id="md-NameIDMappingService" parent="QName" c:_0-ref="md_namespace" c:_1="NameIDMappingService"/>
<bean id="md-OrganizationDisplayName" parent="QName" c:_0-ref="md_namespace" c:_1="OrganizationDisplayName"/>
<bean id="md-OrganizationName" parent="QName" c:_0-ref="md_namespace" c:_1="OrganizationName"/>
<bean id="md-OrganizationURL" parent="QName" c:_0-ref="md_namespace" c:_1="OrganizationURL"/>
<bean id="md-ServiceDescription" parent="QName" c:_0-ref="md_namespace" c:_1="ServiceDescription"/>
<bean id="md-ServiceName" parent="QName" c:_0-ref="md_namespace" c:_1="ServiceName"/>
<bean id="md-SingleLogoutService" parent="QName" c:_0-ref="md_namespace" c:_1="SingleLogoutService"/>
<bean id="md-SingleSignOnService" parent="QName" c:_0-ref="md_namespace" c:_1="SingleSignOnService"/>
<bean id="md-SurName" parent="QName" c:_0-ref="md_namespace" c:_1="SurName"/>
<bean id="md-TelephoneNumber" parent="QName" c:_0-ref="md_namespace" c:_1="TelephoneNumber"/>
<!--
Basic EntitiesDescriptor disassembler pipeline stage.
-->
<bean id="disassemble" parent="mda.EntitiesDescriptorDisassemblerStage"/>
<!--
Basic EntitiesDescriptor assembler pipeline stage.
-->
<bean id="assemble" parent="mda.EntitiesDescriptorAssemblerStage"/>
<!--
Populate ItemId values from entities.
-->
<bean id="populateItemIds" parent="mda.EntityDescriptorItemIdPopulationStage"/>
<!--
Remove any empty Extensions elements.
-->
<bean id="stripEmptyExtensions" parent="mda.EmptyContainerStrippingStage"
p:elementName="Extensions"
p:elementNamespace-ref="md_namespace"/>
<!--
Beans to strip out selected SAML metadata elements.
-->
<bean id="stripArtifactResolutionService" parent="mda.ElementStrippingStage"
p:elementName="ArtifactResolutionService"
p:elementNamespace-ref="md_namespace"/>
<bean id="stripAssertionConsumerService" parent="mda.ElementStrippingStage"
p:elementName="AssertionConsumerService"
p:elementNamespace-ref="md_namespace"/>
<bean id="stripAttributeAuthorityDescriptor" parent="mda.ElementStrippingStage"
p:elementName="AttributeAuthorityDescriptor"
p:elementNamespace-ref="md_namespace"/>
<bean id="stripAttributeConsumingService" parent="mda.ElementStrippingStage"
p:elementName="AttributeConsumingService"
p:elementNamespace-ref="md_namespace"/>
<bean id="stripContactPerson" parent="mda.ElementStrippingStage"
p:elementName="ContactPerson"
p:elementNamespace-ref="md_namespace"/>
<bean id="stripKeyDescriptor" parent="mda.ElementStrippingStage"
p:elementName="KeyDescriptor"
p:elementNamespace-ref="md_namespace"/>
<bean id="stripManageNameIDService" parent="mda.ElementStrippingStage"
p:elementName="ManageNameIDService"
p:elementNamespace-ref="md_namespace"/>
<bean id="stripNameIDFormat" parent="mda.ElementStrippingStage"
p:elementName="NameIDFormat"
p:elementNamespace-ref="md_namespace"/>
<bean id="stripSingleLogoutService" parent="mda.ElementStrippingStage"
p:elementName="SingleLogoutService"
p:elementNamespace-ref="md_namespace"/>
<bean id="stripSingleSignOnService" parent="mda.ElementStrippingStage"
p:elementName="SingleSignOnService"
p:elementNamespace-ref="md_namespace"/>
<!--
*************************************************
*** ***
*** M D R P I S P E C I F I C A T I O N ***
*** ***
*************************************************
-->
<!--
Populate RegistrationAuthority values from entities.
-->
<bean id="populateRegistrationAuthorities" parent="mda.RegistrationAuthorityPopulationStage"/>
<!--
default_regauth_parent
Parent (template) for per-channel beans.
Any registrationAuthority already present on an entity in this
channel must match the known registration authority value.
-->
<bean id="default_regauth_parent" abstract="true" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:default_regauth.xsl"/>
<!--
***********************************************
*** ***
*** M D U I S P E C I F I C A T I O N ***
*** ***
***********************************************
-->
<bean id="mdui-Description" parent="QName" c:_0-ref="mdui_namespace" c:_1="Description"/>
<bean id="mdui-DisplayName" parent="QName" c:_0-ref="mdui_namespace" c:_1="DisplayName"/>
<bean id="mdui-DomainHint" parent="QName" c:_0-ref="mdui_namespace" c:_1="DomainHint"/>
<bean id="mdui-GeolocationHint" parent="QName" c:_0-ref="mdui_namespace" c:_1="GeolocationHint"/>
<bean id="mdui-InformationURL" parent="QName" c:_0-ref="mdui_namespace" c:_1="InformationURL"/>
<bean id="mdui-IPHint" parent="QName" c:_0-ref="mdui_namespace" c:_1="IPHint"/>
<bean id="mdui-Keywords" parent="QName" c:_0-ref="mdui_namespace" c:_1="Keywords"/>
<bean id="mdui-Logo" parent="QName" c:_0-ref="mdui_namespace" c:_1="Logo"/>
<bean id="mdui-PrivacyStatementURL" parent="QName" c:_0-ref="mdui_namespace" c:_1="PrivacyStatementURL"/>
<bean id="stripMDUIDiscoHints" parent="mda.ElementStrippingStage"
p:elementName="DiscoHints"
p:elementNamespace-ref="mdui_namespace"/>
<!--
stripAAMDUI
Remove all MDUI metadata from attribute authority roles.
-->
<bean id="stripAAMDUI" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:strip-aa-mdui.xsl"/>
<!--
stripMDUILogoData
Remove all mdui:Logo elements containing data: URLs.
-->
<bean id="stripMDUILogoData" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:strip-mdui-logo-data.xsl"/>
<!--
stripMDUILogoHttp
Remove any mdui:Logo elements containing http:// URLs.
-->
<bean id="stripMDUILogoHttp" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:strip-mdui-logo-http.xsl"/>
<!--
stripEmptyMDUIUIInfo
Remove any empty mdui:UIInfo container elements.
-->
<bean id="stripEmptyMDUIUIInfo" parent="mda.EmptyContainerStrippingStage">
<property name="elementNamespace" ref="mdui_namespace"/>
<property name="elementName" value="UIInfo"/>
</bean>
<!--
strip_mdui_logo_length
Filter out mdui:Logo elements whose text content is
longer than a threshold value. Add a warning to the
entity when this is done.
-->
<bean id="strip_mdui_logo_length" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:strip-mdui-logo-length.xsl">
<property name="transformParameters">
<map>
<entry key="maxLength" value="${mdui.logo.length.remove:50000}"/>
</map>
</property>
</bean>
<!--
*****************************************************
*** ***
*** S H I B B O L E T H E X T E N S I O N S ***
*** ***
*****************************************************
-->
<bean id="shibmd-Scope" parent="QName" c:_0-ref="shibmd_namespace" c:_1="Scope"/>
<bean id="stripShibScope" parent="mda.ElementStrippingStage"
p:elementName="Scope"
p:elementNamespace-ref="shibmd_namespace"/>
<!--
***************************
*** ***
*** X M L D S I G ***
*** ***
***************************
-->
<bean id="ds-X509Certificate" parent="QName" c:_0-ref="ds_namespace"
c:_1="X509Certificate"/>
<!--
stripKeyNames
Remove all ds:KeyName elements.
-->
<bean id="stripKeyNames" parent="mda.ElementStrippingStage"
p:elementName="KeyName"
p:elementNamespace-ref="ds_namespace"/>
<!--
wrapX509Certificates
Normalise the text inside ds:X509Certificate elements by
removing all white space, then reformatting for 64 characters
per line.
-->
<bean id="wrapX509Certificates" parent="ukf.ElementBase64WrappingStage"
p:elementName-ref="ds-X509Certificate"/>
<!--
*************************************
*** ***
*** D O M U T I L I T I E S ***
*** ***
*************************************
-->
<!--
httpClientBuilder
Factory for the httpClient bean below.
Sets the option to ignore validation of a server's TLS credentials.
Sets socket and connection timeouts explicitly (to 100s) to
override the tight defaults in java-support, see:
https://github.com/ukf/ukf-meta/issues/1
https://issues.shibboleth.net/jira/browse/JSPT-48
These options can be removed once the underlying issue has been resolved.
-->
<bean id="httpClientBuilder" parent="mda.HttpClientBuilder"
p:connectionDisregardTLSCertificate="true"
p:socketTimeout="PT100S"
p:connectionTimeout="PT100S"
/>
<!--
httpClient
Common, basic, HTTP client for use with HTTP resources.
-->
<bean id="httpClient" factory-bean="httpClientBuilder" factory-method="buildClient"/>
<!--
parserPool
A pre-configured parser pool for use by source stages.
-->
<bean id="parserPool" parent="mda.BasicParserPool"
p:ignoreComments="false"
p:ignoreElementContentWhitespace="false"/>
<!--
schemaResources
A list of all schema documents that we make common use of in SAML metadata.
The schemas are organised such that each schema appears before any of the schemas importing it,
so that the parser is not required to explicitly resolve any imports.
-->
<util:list id="schemaResources">
<bean parent="ClassPathResource">
<!-- no imports -->
<constructor-arg value="schema/incommon-metadata.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- no imports -->
<constructor-arg value="schema/refeds-metadata.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- no imports -->
<constructor-arg value="schema/xml.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- no imports -->
<constructor-arg value="schema/xmldsig-core-schema.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports xmldsig-core-schema.xsd -->
<constructor-arg value="schema/xenc-schema.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports xmldsig-core-schema.xsd, xenc-schema.xsd -->
<constructor-arg value="schema/saml-schema-assertion-2.0.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports xmldsig-core-schema.xsd, xenc-schema.xsd, saml-schema-assertion-2.0.xsd, xml.xsd -->
<constructor-arg value="schema/saml-schema-metadata-2.0.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- no imports -->
<constructor-arg value="schema/ws-addr.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports ws-addr.xsd -->
<constructor-arg value="schema/ws-securitypolicy-1.2.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- no imports -->
<constructor-arg value="schema/MetadataExchange.xsd"/>
</bean>
<bean parent="ClassPathResource">
<constructor-arg value="schema/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports oasis-200401-wss-wssecurity-utility-1.0.xsd, xml.xsd, xmldsig-core-schema.xsd -->
<constructor-arg value="schema/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports saml-schema-metadata-2.0.xsd, xml.xsd -->
<constructor-arg value="schema/saml-metadata-rpi-v1.0.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports xmldsig-core-schema.xsd -->
<constructor-arg value="schema/shibboleth-metadata-1.0.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports saml-schema-assertion-2.0.xsd -->
<constructor-arg value="schema/sstc-metadata-attr.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports saml-schema-metadata-2.0.xsd -->
<constructor-arg value="schema/sstc-request-initiation.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- no imports -->
<constructor-arg value="schema/sstc-saml-holder-of-key-browser-sso.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports saml-schema-metadata-2.0.xsd -->
<constructor-arg value="schema/sstc-saml-idp-discovery.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- no imports -->
<constructor-arg value="schema/sstc-saml-metadata-algsupport-v1.0.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports saml-schema-metadata-2.0.xsd, xml.xsd -->
<constructor-arg value="schema/sstc-saml-metadata-ui-v1.0.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- no imports -->
<constructor-arg value="schema/uk-fed-label.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports xenc-schema.xsd -->
<constructor-arg value="schema/ws-authorization.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!--
Imports oasis-200401-wss-wssecurity-secext-1.0.xsd, oasis-200401-wss-wssecurity-utility-1.0.xsd,
ws-addr.xsd, MetadataExchange.xsd, saml-schema-metadata-2.0.xsd, ws-securitypolicy-1.2.xsd,
ws-authorization.xsd.
-->
<constructor-arg value="schema/ws-federation.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports xmldsig-core-schema.xsd, xenc-schema.xsd -->
<constructor-arg value="schema/xenc-schema-11.xsd"/>
</bean>
<bean parent="ClassPathResource">
<!-- imports xmldsig-core-schema.xsd -->
<constructor-arg value="schema/xmldsig11-schema.xsd"/>
</bean>
</util:list>
<!--
checkSchemas
A pipeline stage that checks against all the common schemas, as above.
-->
<bean id="checkSchemas" parent="mda.XMLSchemaValidationStage">
<property name="schemaResources" ref="schemaResources"/>
</bean>
<!--
stripComments
A pipeline stage that removes all XML comments from items.
-->
<bean id="stripComments" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:strip-comments.xsl"/>
<!--
everythingSelector
An item selection strategy that selects all items.
-->
<bean id="everythingSelector" class="com.google.common.base.Predicates"
factory-method="alwaysTrue"/>
<!--
Standard serializer.
-->
<bean id="serializer" parent="mda.DOMElementSerializer"/>
<!--
Merge strategy that removes duplicates.
-->
<bean id="deduplicateMergeStrategy" parent="mda.DeduplicatingItemIdMergeStrategy"/>
<!--
***********************
*** ***
*** I M P O R T ***
*** ***
***********************
-->
<!--
cleanImport
A pipeline stage that can be used in an import pipeline to clean up the metadata
presented, for example by removing redundant attributes or elements which only have
meaning when added by the UK federation registrar.
-->
<bean id="cleanImport" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:clean-import.xsl"/>
<!--
trimImportElementWhitespace
Trim whitespace from the specified elements in imported
entities. These would be errors in UK-registered metadata,
but repairing the metadata on the fly is often easier than
asking for it to be corrected at source.
-->
<bean id="trimImportElementWhitespace" parent="mda.ElementWhitespaceTrimmingStage">
<property name="elementNames">
<set>
<ref bean="md-AdditionalMetadataLocation"/>
<ref bean="md-AttributeProfile"/>
<ref bean="md-Company"/>
<ref bean="md-EmailAddress"/>
<ref bean="md-GivenName"/>
<ref bean="md-NameIDFormat"/>
<ref bean="md-OrganizationDisplayName"/>
<ref bean="md-OrganizationName"/>
<ref bean="md-OrganizationURL"/>
<ref bean="md-ServiceDescription"/>
<ref bean="md-ServiceName"/>
<ref bean="md-SurName"/>
<ref bean="md-TelephoneNumber"/>
<ref bean="mdui-GeolocationHint"/>
<ref bean="mdui-InformationURL"/>
<ref bean="mdui-Logo"/>
<ref bean="mdui-PrivacyStatementURL"/>
</set>
</property>
</bean>
<!--
standardImportActions
Standard actions performed on any metadata import channel. Assumes that the
collection has been acquired, had its signature validated, and disassembled into
individual entities.
The result is a collection of entities, some of which may be labelled with
errors. No announcement or removal of those entities is performed here;
that is left to the caller.
-->
<bean id="standardImportActions" parent="mda.CompositeStage">
<property name="stages">
<list>
<ref bean="populateItemIds"/>
<ref bean="populateRegistrationAuthorities"/>
<!--
Strip all elements and attributes that are in namespaces
other than the ones we accept from partners.
-->
<bean id="whitelistImportedNamespaces" parent="mda.NamespacesStrippingStage"
p:keeping="true">
<property name="namespaces">
<set>
<ref bean="alg_namespace"/>
<ref bean="ds_namespace"/>
<ref bean="hoksso_namespace"/>
<ref bean="icmd_namespace"/>
<ref bean="idpdisc_namespace"/>
<ref bean="init_namespace"/>
<ref bean="md_namespace"/>
<ref bean="mdattr_namespace"/>
<ref bean="mdrpi_namespace"/>
<ref bean="mdui_namespace"/>
<ref bean="remd_namespace"/>
<ref bean="saml_namespace"/>
<ref bean="shibmd_namespace"/>
<ref bean="xenc_namespace"/>
<ref bean="xml_namespace"/>
</set>
</property>
</bean>
<!--
Stages that modify metadata come first, so that
anything they remove is not checked later.
-->
<ref bean="cleanImport"/>
<ref bean="wrapX509Certificates"/>
<ref bean="stripAAMDUI"/>
<ref bean="stripMDUILogoHttp"/>
<ref bean="trimImportElementWhitespace"/>
<ref bean="stripEmptyExtensions"/>
<ref bean="strip_mdui_logo_length"/>
<ref bean="uk_add_cbc_encryption"/>
<ref bean="checkSchemas"/>
<ref bean="CHECK_std"/>
<ref bean="check_namespaces"/>
<ref bean="check_standard_certificates"/>
</list>
</property>
</bean>
<!--
standardImportTail
Standard actions performed at the end of any metadata import flow. As imports
are currently ending up in files, build an EntitiesDescriptor and normalise the
namespaces in the document ready for serialisation.
-->
<bean id="standardImportTail" parent="mda.CompositeStage">
<property name="stages">
<list>
<!-- announce and remove any entities with errors -->
<ref bean="errorAnnouncingFilter"/>
<ref bean="assemble"/>
<ref bean="normaliseNamespaces"/>
</list>
</property>
</bean>
</beans>