Metadata import transform. Works on Shib 2 IdPs and selected other th…
…ings. Definitely a work in progress.
Showing
2 changed files
with
252 additions
and
0 deletions.
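--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,14 @@
+#!/usr/bin/perl -w
+
+#
+# Import an entity metadata fragment file.
+#
+# This utility is intended for use immediately before checking in a new entity fragment,
+# or prior to checking in major changes such as to embedded trust certificates.
+#
+# The fragment is indicated by a numeric parameter, e.g. 999 would indicate uk000999.xml
+#
+# ./check_entity 123
+#
+
+system("java -cp ../bin:../lib/joda-time-1.6.jar -Djava.endorsed.dirs=../endorsed org.apache.xalan.xslt.Process -IN ../entities/import.xml -OUT ../entities/imported.xml -XSL import.xsl");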
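Review bot: The header comment describes a numeric fragment argument (`./check_entity 123` selecting uk000999.xml), but the script never reads @ARGV and always transforms the fixed paths ../entities/import.xml into ../entities/imported.xml, so the comment documents a different tool; either rewrite it to describe this script or wire the parameter in. The `system` call on the last line also passes a single string, so the command is interpreted by the shell, and its return value is discarded — a failed Xalan run (missing jar, malformed input) leaves imported.xml absent or stale while the script still exits 0. Prefer the list form of system, which bypasses the shell entirely, check the exit status, and add `use strict` alongside `-w`; a sketch of the tail of the script follows.
```perl
use strict;
# … unchanged: header comment …
my @cmd = ('java', '-cp', '../bin:../lib/joda-time-1.6.jar',
           '-Djava.endorsed.dirs=../endorsed',
           'org.apache.xalan.xslt.Process',
           '-IN',  '../entities/import.xml',
           '-OUT', '../entities/imported.xml',
           '-XSL', 'import.xsl');
system(@cmd) == 0
    or die "XSLT transform failed (exit status " . ($? >> 8) . ")\n";
```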
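--- /dev/null
+++ b/import.xsl
@@ -0,0 +1,238 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+import.xsl
+XSL stylesheet that takes a SAML 2 metadata file containing
+an EntityDescriptor from some other system (e.g., metadata
+generated automatically by a Shibboleth installation) and
+adjusts it towards the standard used for a UK federation
+metadata repository fragment file.
+Assumptions:
+* the output will have oXygen's "format and indent" applied
+via the Eclipse plug-in. This means that output format doesn't
+need to be particularly precise.
+* the metadata comes from a UK federation member
+* the metadata most likely represents a Shibboleth 2.x entity
+Author: Ian A. Young <ian@iay.org.uk>
+-->
+<xsl:stylesheet version="1.0"
+xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
+
+xmlns:ukfxd="xalan://uk.org.ukfederation.xalan.Dates"
+xmlns:ukftu="xalan://uk.org.ukfederation.xalan.TextUtils"
+extension-element-prefixes="ukfxd ukftu"
+
+xmlns:xalan="http://xml.apache.org/xalan"
+
+xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+<!--
+Force UTF-8 encoding for the output.
+-->
+<xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8"
+indent="yes" xalan:indent-amount="4"
+/>
+
+<xsl:strip-space elements="md:EntityDescriptor"/>
+
+<!--
+Top-level EntityDescriptor element.
+-->
+<xsl:template match="md:EntityDescriptor">
+<xsl:text> </xsl:text>
+<EntityDescriptor ID="uk000000_CHANGE_THIS"
+xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata sstc-saml-schema-metadata-2.0.xsd
+urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd
+http://ukfederation.org.uk/2006/11/label uk-fed-label.xsd
+http://www.w3.org/2001/04/xmlenc# xenc-schema.xsd
+http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd">
+
+<!--
+Copy across the @entityID attribute. Other attributes from the input document
+are discarded.
+-->
+<xsl:attribute name="entityID"><xsl:value-of select="@entityID"/></xsl:attribute>
+
+<!--
+Entity comment.
+-->
+<!-- <xsl:text> </xsl:text> -->
+<xsl:text> </xsl:text>
+<xsl:comment>
+<xsl:text> </xsl:text>
+<xsl:text> *** ENTITY COMMENT GOES HERE ***</xsl:text>
+<xsl:text> </xsl:text>
+<xsl:text> </xsl:text>
+</xsl:comment>
+
+<!--
+Always have an Extensions element. This may combine new material with any material
+present in an existing Extensions element.
+-->
+<Extensions>
+
+<!--
+Pull up scopes from role descriptor if they are not
+already present at the entity level.
+-->
+<xsl:if test="not(md:Extensions/shibmd:Scope)">
+<xsl:apply-templates select="md:IDPSSODescriptor/md:Extensions/shibmd:Scope"/>
+</xsl:if>
+
+<!--
+Always assumed to be owned by a member of the UK federation.
+-->
+<ukfedlabel:UKFederationMember/>
+
+<!--
+Dummy elements to include for IdPs only.
+-->
+<xsl:if test="md:IDPSSODescriptor">
+<xsl:comment> *** VERIFY OR REMOVE THE FOLLOWING ELEMENT *** </xsl:comment>
+<ukfedlabel:AccountableUsers/>
+<xsl:comment> *** VERIFY OR REMOVE THE FOLLOWING ELEMENT *** </xsl:comment>
+<wayf:HideFromWAYF xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF"/>
+</xsl:if>
+
+<!--
+Dummy Software element.
+-->
+<ukfedlabel:Software name="Shibboleth"
+version="2" fullVersion="*** FILL IN OR REMOVE ***">
+<xsl:attribute name="date"><xsl:value-of select="ukfxd:date()"/></xsl:attribute>
+</ukfedlabel:Software>
+
+<!--
+Include any existing extensions at the top level.
+-->
+<xsl:apply-templates select="md:Extensions/*"/>
+
+</Extensions>
+
+<!--
+Express role descriptors in a fixed order.
+-->
+<xsl:apply-templates select="md:IDPSSODescriptor"/>
+<xsl:apply-templates select="md:AttributeAuthorityDescriptor"/>
+<xsl:apply-templates select="md:SPSSODescriptor"/>
+
+<!--
+Include an Organization if there isn't one there already.
+-->
+<xsl:choose>
+<xsl:when test="md:Organization">
+<xsl:apply-templates select="md:Organization"/>
+</xsl:when>
+<xsl:otherwise>
+<Organization>
+<OrganizationName xml:lang="en">*** FILL IN ***</OrganizationName>
+<OrganizationDisplayName xml:lang="en">*** FILL IN ***</OrganizationDisplayName>
+<OrganizationURL xml:lang="en">http://*** FILL IN ***/</OrganizationURL>
+</Organization>
+</xsl:otherwise>
+</xsl:choose>
+
+<!--
+Include a support contact if there isn't one.
+-->
+<xsl:choose>
+<xsl:when test="md:ContactPerson[@contactType='support']">
+<xsl:apply-templates select="md:ContactPerson[@contactType='support']"/>
+</xsl:when>
+<xsl:otherwise>
+<ContactPerson contactType="support">
+<GivenName>*** FILL IN ***</GivenName>
+<SurName>*** FILL IN ***</SurName>
+<EmailAddress>mailto:*** FILL IN ***</EmailAddress>
+</ContactPerson>
+</xsl:otherwise>
+</xsl:choose>
+
+<!--
+Include a technical contact if there isn't one.
+-->
+<xsl:choose>
+<xsl:when test="md:ContactPerson[@contactType='technical']">
+<xsl:apply-templates select="md:ContactPerson[@contactType='technical']"/>
+</xsl:when>
+<xsl:otherwise>
+<ContactPerson contactType="technical">
+<GivenName>*** FILL IN ***</GivenName>
+<SurName>*** FILL IN ***</SurName>
+<EmailAddress>mailto:*** FILL IN ***</EmailAddress>
+</ContactPerson>
+</xsl:otherwise>
+</xsl:choose>
+
+<!--
+Include an administrative contact if there isn't one.
+-->
+<xsl:choose>
+<xsl:when test="md:ContactPerson[@contactType='administrative']">
+<xsl:apply-templates select="md:ContactPerson[@contactType='administrative']"/>
+</xsl:when>
+<xsl:otherwise>
+<ContactPerson contactType="administrative">
+<GivenName>*** FILL IN ***</GivenName>
+<SurName>*** FILL IN ***</SurName>
+<EmailAddress>mailto:*** FILL IN ***</EmailAddress>
+</ContactPerson>
+</xsl:otherwise>
+</xsl:choose>
+
+</EntityDescriptor>
+</xsl:template>
+
+
+<!--
+Patch any @use-less KeyName descriptors in IdP roles
+for the benefit of Shib SPs pre-1.3.1.
+-->
+<xsl:template match="md:IDPSSODescriptor/md:KeyDescriptor[not(@use)] |
+md:AttributeAuthorityDescriptor/md:KeyDescriptor[not(@use)]">
+<xsl:copy>
+<xsl:attribute name="use">signing</xsl:attribute>
+<xsl:apply-templates/>
+</xsl:copy>
+</xsl:template>
+
+
+<!--
+Normalise whitespace in X509Certificate elements.
+-->
+<xsl:template match="ds:X509Certificate">
+<xsl:element name="ds:X509Certificate">
+<xsl:text> </xsl:text>
+<xsl:value-of select="ukftu:wrapBase64(.)"/>
+<xsl:text> </xsl:text>
+</xsl:element>
+</xsl:template>
+
+
+<!--By default, copy text blocks, comments and attributes unchanged.-->
+<xsl:template match="text()|comment()|@*">
+<xsl:copy/>
+</xsl:template>
+
+
+<!--By default, copy all elements from the input to the output, along with their attributes and contents.-->
+<xsl:template match="*">
+<xsl:copy>
+<xsl:apply-templates select="node()|@*"/>
+</xsl:copy>
+</xsl:template>
+
+</xsl:stylesheet>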
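Review bot: The KeyDescriptor template (`match="md:IDPSSODescriptor/md:KeyDescriptor[not(@use)] | md:AttributeAuthorityDescriptor/md:KeyDescriptor[not(@use)]"`) silently narrows what the key may be used for: in SAML 2.0 metadata an absent @use means the key is valid for both signing and encryption, so stamping use="signing" removes the encryption use from the published descriptor. The template comment presents this as a compatibility fix for old SPs only, so the trade-off should be recorded where the person checking the fragment in will see it, e.g. extend that comment with `An absent @use means signing AND encryption; this forces signing only, so confirm per entity that no encryption key is needed (or emit a second copy with use="encryption").` The EntityDescriptor template is also an allow-list in practice: ContactPerson elements whose contactType is not support, technical or administrative, role descriptors other than the three selected on the "fixed order" lines, and any ds:Signature or AdditionalMetadataLocation child are never selected and so vanish from the output without a *** marker. The header's Assumptions list should state that unlisted children are dropped, so a clean-looking import is not mistaken for a complete one.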