SIRTFI: import from eduGAIN and republish to test aggregate
iay committed Dec 5, 2016
1 parent 070071d commit a366c4b
Showing 5 changed files with 100 additions and 2 deletions.
1 change: 1 addition & 0 deletions mdx/common-beans.xml
Expand Up @@ -1173,6 +1173,7 @@
<ref bean="mdattr_namespace"/>
<ref bean="mdrpi_namespace"/>
<ref bean="mdui_namespace"/>
<ref bean="remd_namespace"/>
<ref bean="saml_namespace"/>
<ref bean="shibmd_namespace"/>
<ref bean="xenc_namespace"/>
18 changes: 17 additions & 1 deletion mdx/uk/check_uk_mdattr.xsl
Expand Up @@ -63,6 +63,7 @@
<xsl:template match="mdattr:EntityAttributes/saml:Attribute
[@Name != 'http://macedir.org/entity-category']
[@Name != 'http://macedir.org/entity-category-support']
[@Name != 'urn:oasis:names:tc:SAML:attribute:assurance-certification']
">
<xsl:call-template name="error">
<xsl:with-param name="m">
Expand Down Expand Up @@ -102,5 +103,20 @@
</xsl:with-param>
</xsl:call-template>
</xsl:template>


<!--
Validate assurance certification values.
-->
<xsl:template match="mdattr:EntityAttributes/saml:Attribute[@Name='urn:oasis:names:tc:SAML:attribute:assurance-certification']
/saml:AttributeValue
[. != 'https://refeds.org/sirtfi']
">
<xsl:call-template name="error">
<xsl:with-param name="m">
<xsl:text>unknown assurance certification URI </xsl:text>
<xsl:value-of select="."/>
</xsl:with-param>
</xsl:call-template>
</xsl:template>

</xsl:stylesheet>
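Review bot: The new exemption `[@Name != 'urn:oasis:names:tc:SAML:attribute:assurance-certification']` and the value template test only `@Name` and the value, while `SIRTFI.entity.attribute.matcher` in mdx/uk/generate.xml also requires the `urn:oasis:names:tc:SAML:2.0:attrname-format:uri` NameFormat. As far as the visible lines show, an assurance-certification attribute with a missing or different `NameFormat` would pass this check yet not be matched by `strip.SIRTFI`, so it could reach the production aggregates the commit means to keep it out of. A companion template that rejects the attribute unless `@NameFormat` is the URI format would close the gap. The stylesheet between the two hunks is not visible, so an existing NameFormat check there would make this unnecessary.

```xslt
<!-- … unchanged: assurance certification value template … -->

<!--
    Assurance certification attributes must use the URI NameFormat,
    matching SIRTFI.entity.attribute.matcher in generate.xml.
-->
<xsl:template match="mdattr:EntityAttributes/saml:Attribute
    [@Name='urn:oasis:names:tc:SAML:attribute:assurance-certification']
    [not(@NameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:uri')]
    ">
    <xsl:call-template name="error">
        <xsl:with-param name="m">
            <xsl:text>assurance certification attribute must have URI NameFormat</xsl:text>
        </xsl:with-param>
    </xsl:call-template>
</xsl:template>
```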
81 changes: 80 additions & 1 deletion mdx/uk/generate.xml
Expand Up @@ -119,7 +119,67 @@
</list>
</property>
</bean>


<!--
*****************************************
*** ***
*** S I R T F I H A N D L I N G ***
*** ***
*****************************************
-->

<!--
Entity attribute matcher for the SIRTFI assurance certification.
-->
<bean id="SIRTFI.entity.attribute.matcher" parent="MultiPredicateMatcher">
<property name="nameFormatPredicate">
<bean class="com.google.common.base.Predicates"
factory-method="equalTo"
c:_="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
/>
</property>
<property name="namePredicate">
<bean class="com.google.common.base.Predicates"
factory-method="equalTo"
c:_="urn:oasis:names:tc:SAML:attribute:assurance-certification"
/>
</property>
<property name="valuePredicate">
<bean class="com.google.common.base.Predicates"
factory-method="equalTo"
c:_="https://refeds.org/sirtfi"
/>
</property>
</bean>

<!--
Remove the REFEDS metadata namespace.
-->
<bean id="strip.remd.namespace" parent="NamespaceStrippingStage"
p:namespace-ref="remd_namespace"/>

<!--
Strip SIRTFI information.
-->
<bean id="strip.SIRTFI" parent="CompositeStage">
<property name="composedStages">
<list>
<!-- remove the REFEDS metadata namespace -->
<ref bean="strip.remd.namespace"/>

<!-- remove the SIRTFI entity attribute -->
<bean id="entityAttributes" parent="EntityAttributeFilteringStage"
p:whitelisting="false">
<property name="rules">
<list>
<ref bean="SIRTFI.entity.attribute.matcher"/>
</list>
</property>
</bean>
</list>
</property>
</bean>

<!--
*******************************************
*** ***
Expand Down Expand Up @@ -205,6 +265,10 @@
<!-- Permit REFEDS R&S category *support* from any eduGAIN participant. -->
<bean parent="EntityCategorySupportMatcher"
c:category="http://refeds.org/category/research-and-scholarship"/>

<!-- Permit SIRTFI entity attribute from any eduGAIN participant -->
<ref bean="SIRTFI.entity.attribute.matcher"/>

</list>
</property>
</bean>
Expand Down Expand Up @@ -242,6 +306,11 @@
<bean id="uk_productionPipeline" parent="SimplePipeline">
<property name="stages">
<list>
<!--
Remove SIRTFI metadata.
-->
<ref bean="strip.SIRTFI"/>

<!--
Enforce IdP display name uniqueness before assembling aggregate
-->
Expand Down Expand Up @@ -299,6 +368,11 @@
<bean id="uk_wayfPipeline" parent="SimplePipeline">
<property name="stages">
<list>
<!--
Remove SIRTFI metadata.
-->
<ref bean="strip.SIRTFI"/>

<!--
Enforce IdP display name uniqueness before assembling aggregate
-->
Expand Down Expand Up @@ -477,6 +551,11 @@
<bean id="uk_fallbackPipeline" parent="SimplePipeline">
<property name="stages">
<list>
<!--
Remove SIRTFI metadata.
-->
<ref bean="strip.SIRTFI"/>

<!--
Enforce IdP display name uniqueness before assembling aggregate
-->
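Review bot: `strip.SIRTFI` removes the remd namespace and the SIRTFI entity attribute, but nothing in it removes the contact element that carries the security contact. If, as in the REFEDS convention, the namespace appears only as a `remd:contactType` attribute on an `md:ContactPerson`, `strip.remd.namespace` would presumably drop that attribute and leave the contact's name and e-mail address in the production, WAYF and fallback aggregates as an ordinary `other` contact. If that is intended, say so in the bean's comment, for example `Strip SIRTFI information. Security contacts lose remd:contactType but remain as contactType="other".` If it is not, a stage that removes those ContactPerson elements needs to run before `strip.remd.namespace`, while the attribute is still there to select on.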
1 change: 1 addition & 0 deletions mdx/uk/ns_norm_test.xsl
Expand Up @@ -33,6 +33,7 @@
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
xmlns:remd="http://refeds.org/metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
1 change: 1 addition & 0 deletions mdx/validation-beans.xml
Expand Up @@ -644,6 +644,7 @@
<ref bean="check_saml_strings"/>
<ref bean="check_shib_noregscope"/>
<ref bean="check_shibboleth"/>
<ref bean="check_sirtfi"/>
<ref bean="check_sp_tls"/>
<ref bean="check_uk_algorithms"/>
<ref bean="check_uk_trust"/>
