Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] Metadata Aggregator and Metadata ID for sigining process

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Metadata Aggregator and Metadata ID for sigining process


Chronological Thread 
  • From: Ian Young <ian AT iay.org.uk>
  • To: Alejandro Lara <alara AT reuna.cl>
  • Cc: edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] Metadata Aggregator and Metadata ID for sigining process
  • Date: Mon, 2 Sep 2013 15:42:26 +0100
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT iay.org.uk
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>


On 2 Sep 2013, at 15:30, Alejandro Lara <alara AT reuna.cl> wrote:

> I'm deploying the metadata aggregator tool, in order to collect the edugain
> metadata and publish in our federation. I was trying to red it with a test
> IdP (shibboleth) but it miss the ID variable in the EntitiesDescriptor tag,
> letting empty the URI variable in the Reference tag the signed metadata
> generated with metadata aggegator and that generates.
>
> How I can generate the ID variable in the collected metadata in order to
> sign this metadata with the ID as a reference? This is my first time using
> metadata aggregator tool

Hi Alejandro,

There is a stage provided with the metadata aggregator that is designed to do
that for you (GenerateIdStage). Unfortunately if you're working from the
public distribution, there's a bug in an underlying library that causes
problems for that stage so you can't use it. The problems are fixed in the
subversion repository, though, so if you're working from a version you have
checked out from there you should be fine using it.

A simple alternative is to put a little XSLT transform stage in to add the ID
attribute. That's actually what I use in the UKf setup, as I wanted a
timestamp in there rather than a random identifier.

There was a discussion in shibboleth-users about this a couple of months
back, with example code. Let me know if you need any additional help (I'm
the developer, as well as using it in the UKf).

-- Ian



Attachment: smime.p7s
Description: S/MIME cryptographic signature




Archive powered by MHonArc 2.6.19.

Top of Page