Factor out the common tail of all (current) import pipelines. Add a s…

…tage to silently filter out any entities we're seeing from elsewhere which claim to be registered by the UK federation. Although removal of duplicates addresses most issues in this area, and strict checking of registration authority information coming from a registrar handles most others, there are some concerns about feeds from multi-registrar sources such as eduGAIN which this addresses. This should prevent spoofing that isn't detected by eduGAIN, and also prevent an entity which we have deregistered coming back to haunt us via eduGAIN.
InCommon · Jul 29, 2013 · 7bd0fef · 7bd0fef
1 parent 85669ce
commit 7bd0fef
Showing 1 changed file with 39 additions and 7 deletions.
diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml
@@ -194,14 +194,48 @@
         ***                                     ***
         *******************************************
     -->
-
+
+    <!--
+        removeUKEntities
+        
+        Filter out entities which declare themselves as registered
+        by the UK federation.  We don't want those coming back in
+        from another registrar or metadata exchange as they may be
+        old versions of entities we have deregistered, or spoofed.
+    -->
+    <bean id="removeUKEntities" parent="EntityRegistrationAuthorityFilterStage"
+        p:id="removeUKEntities">
+        <property name="designatedRegistrationAuthorities">
+            <list>
+                <ref bean="uk_federation_uri"/>
+            </list>
+        </property>
+        <property name="requiringRegistrationInformation" value="true"/>
+        <property name="whitelistingRegistrationAuthorities" value="false"/>
+    </bean>
+
+    <!--
+        importCommonTail
+        
+        Common actions to be performed on each import pipeline.
+    -->
+    <bean id="importCommonTail" parent="CompositeStage"
+        p:id="importCommonTail">
+        <property name="composedStages">
+            <list>
+                <ref bean="removeUKEntities"/>
+                <ref bean="uk_fix_mailto"/>
+                <ref bean="uk_hide_idps"/>
+            </list>
+        </property>
+    </bean>
+
     <bean id="uk_ie_edugate_importPipeline" parent="SimplePipeline"
         p:id="uk_ie_edugate_importPipeline">
         <property name="stages">
             <list>
                 <ref bean="ie_edugate_exportedEntities"/>
-                <ref bean="uk_fix_mailto"/>
-                <ref bean="uk_hide_idps"/>
+                <ref bean="importCommonTail"/>
             </list>
         </property>
     </bean>
@@ -211,8 +245,7 @@
         <property name="stages">
             <list>
                 <ref bean="se_swamid_edugainEntities"/>
-                <ref bean="uk_fix_mailto"/>
-                <ref bean="uk_hide_idps"/>
+                <ref bean="importCommonTail"/>
             </list>
         </property>
     </bean>
@@ -222,8 +255,7 @@
         <property name="stages">
             <list>
                 <ref bean="us_incommon_exportedEntities"/>
-                <ref bean="uk_fix_mailto"/>
-                <ref bean="uk_hide_idps"/>
+                <ref bean="importCommonTail"/>
             </list>
         </property>
     </bean>