Add utilities to replace HideFromWAYF element with hide-from-disco En…

…tity Category

utilities/2017-02-27/README.md

@@ -0,0 +1,38 @@
+# `utilities/2017-02-27`
+
+Scripts to replace the HideFromWAYF element in entity fragment files
+with the REFEDS Hide from Discovery Entity Category.
+
+## 1. Check that no hidden IdPs have Entity Attributes already
+
+Since there can only be a single Entity Attribute element in an entity fragment file,
+we first check that there are no hidden IdPs that already have an Entity Attributes
+element. If there are (and there are not too many) we edit these files manually.
+
+Run the script on the entity fragment files: `xsltproc listHideFromWAYFandEA.xsl uk*.xml`
+
+## 2. Replace HideFromWAYF element with hide-from-disco Entity Category
+
+This command replaces the HideFromWAYF element with an Entity Attributes element
+containing the REFEDS hide-from-disco entity category:
+
+`replaceHideFromWAYF.pl uk*.xml`
+
+It presumes that the `saml` and `mdattr` namespace prefixes are already defined in the
+entity fragment files.
+
+The perl regex matches the string HideFromWAYF rather than an XML element, so check
+that transform has only modified the HideFromWAYF element by generating unsigned
+aggregates before and after the transform and and looking at the differences.
+The only changes should be the timestamp and quantities derived from the timestamp.
+There is a small possibility that the generate target imports different entities from
+eduGAIN -- these differences can be ignored.
+
+```
+ant samlmd.aggregates.generate
+cp ukfederation-metadata.xml /tmp/
+replaceHideFromWAYF.pl uk*.xml
+ant samlmd.aggregates.generate
+diff ukfederation-metadata.xml /tmp/
+```
+

utilities/2017-02-27/listHideFromWAYFandEA.xsl

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet version="1.0"
+        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+        xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+        xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+        xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+        <xsl:output method="text" encoding="UTF-8"/>
+
+        <xsl:template match="md:EntityDescriptor
+		                    [md:Extensions/mdattr:EntityAttributes]
+		                    [md:Extensions/wayf:HideFromWAYF]">
+                <xsl:value-of select="@entityID"/>
+                <xsl:text>&#10;</xsl:text>
+        </xsl:template>
+
+        <xsl:template match="text()">
+                <!-- do nothing -->
+        </xsl:template>
+</xsl:stylesheet>

utilities/2017-02-27/replaceHideFromWAYF.pl

@@ -0,0 +1,18 @@
+#!/usr/bin/perl -wni
+
+# If line contains HideFromWAYF, replace it with the Entity Category
+if (/HideFromWAYF/) {
+    print <<EOF;
+        <mdattr:EntityAttributes>
+            <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+                <saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue>
+            </saml:Attribute>
+        </mdattr:EntityAttributes>
+EOF
+# and don't print the line containing HideFromWAYF
+    next;
+}
+
+# If the line didn't have HideFromWAYF, print it unchanged
+print;
+