Commit 10ec4787 authored by Gradl, Tobias's avatar Gradl, Tobias
Browse files

726: Finalize v1.0 for release with Schema Registry

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=726
parent dbf321a0
...@@ -17,17 +17,20 @@ public class SAMLRequiredAttributesList { ...@@ -17,17 +17,20 @@ public class SAMLRequiredAttributesList {
public SAMLRequiredAttributes[] getRequiredAttributes() { return requiredAttributes; } public SAMLRequiredAttributes[] getRequiredAttributes() { return requiredAttributes; }
public SAMLRequiredAttributesList(ObjectMapper objectMapper, String strRequiredAttributes) throws Exception { public SAMLRequiredAttributesList(ObjectMapper objectMapper, String strRequiredAttributes) {
SAMLRequiredAttributes[] requiredAttributes = null;
try { try {
requiredAttributes = objectMapper.readValue(strRequiredAttributes, SAMLRequiredAttributes[].class); if (strRequiredAttributes!=null) {
requiredAttributes = objectMapper.readValue(strRequiredAttributes, SAMLRequiredAttributes[].class);
}
} catch (Exception e) { } catch (Exception e) {
logger.error("Failed to deserialize required attributes from configuration", e); logger.error("Failed to deserialize required attributes from configuration", e);
throw e;
} }
this.requiredAttributes = requiredAttributes;
} }
public List<SAMLRequiredAttributes> getForStage(AUTHENTICATION_STAGE stage, boolean requiredOnly) { public List<SAMLRequiredAttributes> getForStage(AUTHENTICATION_STAGE stage, boolean requiredOnly) {
if (stage==null || this.size()==0) { if (requiredAttributes==null || stage==null || this.size()==0) {
return null; return null;
} }
List<SAMLRequiredAttributes> result = new ArrayList<SAMLRequiredAttributes>(); List<SAMLRequiredAttributes> result = new ArrayList<SAMLRequiredAttributes>();
......
...@@ -24,7 +24,10 @@ import org.opensaml.xml.io.MarshallingException; ...@@ -24,7 +24,10 @@ import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.Credential;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.saml.key.KeyManager; import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.*; import org.springframework.security.saml.metadata.*;
import org.springframework.security.saml.util.SAMLUtil; import org.springframework.security.saml.util.SAMLUtil;
...@@ -51,7 +54,7 @@ import static org.springframework.util.StringUtils.hasLength; ...@@ -51,7 +54,7 @@ import static org.springframework.util.StringUtils.hasLength;
*/ */
@Controller @Controller
@RequestMapping("/saml/web/metadata") @RequestMapping("/saml/web/metadata")
public class MetadataController { public class MetadataController implements ApplicationContextAware {
private final Logger log = LoggerFactory.getLogger(MetadataController.class); private final Logger log = LoggerFactory.getLogger(MetadataController.class);
...@@ -59,10 +62,16 @@ public class MetadataController { ...@@ -59,10 +62,16 @@ public class MetadataController {
SSO_POST, SSO_PAOS, SSO_ARTIFACT, HOKSSO_POST, HOKSSO_ARTIFACT SSO_POST, SSO_PAOS, SSO_ARTIFACT, HOKSSO_POST, HOKSSO_ARTIFACT
} }
@Autowired MetadataManager metadataManager; @Autowired private MetadataManager metadataManager;
@Autowired KeyManager keyManager; @Autowired private KeyManager keyManager;
private ApplicationContext applicationContext;
@RequestMapping
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.applicationContext = applicationContext;
}
@RequestMapping
public String metadataList(Model model) throws MetadataProviderException { public String metadataList(Model model) throws MetadataProviderException {
model.addAttribute("hostedSP", metadataManager.getHostedSPName()); model.addAttribute("hostedSP", metadataManager.getHostedSPName());
model.addAttribute("spList", metadataManager.getSPEntityNames()); model.addAttribute("spList", metadataManager.getSPEntityNames());
...@@ -129,15 +138,17 @@ public class MetadataController { ...@@ -129,15 +138,17 @@ public class MetadataController {
} }
ExtendedMetadata extendedMetadata = new ExtendedMetadata(); ExtendedMetadata extendedMetadata = new ExtendedMetadata();
MetadataGenerator generator = new MetadataGenerator();
generator.setKeyManager(keyManager); MetadataGenerator metadataGenerator = applicationContext.getBean(MetadataGenerator.class);
generator.setExtendedMetadata(extendedMetadata); metadataGenerator.setKeyManager(keyManager);
metadataGenerator.setExtendedMetadata(extendedMetadata);
// Basic metadata properties // Basic metadata properties
generator.setEntityId(metadata.getEntityId()); metadataGenerator.setEntityId(metadata.getEntityId());
generator.setEntityBaseURL(metadata.getBaseURL()); metadataGenerator.setEntityBaseURL(metadata.getBaseURL());
generator.setRequestSigned(metadata.isRequestSigned()); metadataGenerator.setRequestSigned(metadata.isRequestSigned());
generator.setWantAssertionSigned(metadata.isWantAssertionSigned()); metadataGenerator.setWantAssertionSigned(metadata.isWantAssertionSigned());
Collection<String> bindingsSSO = new LinkedList<String>(); Collection<String> bindingsSSO = new LinkedList<String>();
Collection<String> bindingsHoKSSO = new LinkedList<String>(); Collection<String> bindingsHoKSSO = new LinkedList<String>();
...@@ -163,12 +174,12 @@ public class MetadataController { ...@@ -163,12 +174,12 @@ public class MetadataController {
} }
// Set bindings // Set bindings
generator.setBindingsSSO(bindingsSSO); metadataGenerator.setBindingsSSO(bindingsSSO);
generator.setBindingsHoKSSO(bindingsHoKSSO); metadataGenerator.setBindingsHoKSSO(bindingsHoKSSO);
generator.setAssertionConsumerIndex(assertionConsumerIndex); metadataGenerator.setAssertionConsumerIndex(assertionConsumerIndex);
// Name IDs // Name IDs
generator.setNameID(Arrays.asList(metadata.getNameID())); metadataGenerator.setNameID(Arrays.asList(metadata.getNameID()));
// Keys // Keys
extendedMetadata.setSigningKey(metadata.getSigningKey()); extendedMetadata.setSigningKey(metadata.getSigningKey());
...@@ -180,7 +191,7 @@ public class MetadataController { ...@@ -180,7 +191,7 @@ public class MetadataController {
// Discovery // Discovery
if (metadata.isIncludeDiscovery()) { if (metadata.isIncludeDiscovery()) {
extendedMetadata.setIdpDiscoveryEnabled(true); extendedMetadata.setIdpDiscoveryEnabled(true);
generator.setIncludeDiscoveryExtension(metadata.isIncludeDiscoveryExtension()); metadataGenerator.setIncludeDiscoveryExtension(metadata.isIncludeDiscoveryExtension());
if (metadata.getCustomDiscoveryURL() != null && metadata.getCustomDiscoveryURL().length() > 0) { if (metadata.getCustomDiscoveryURL() != null && metadata.getCustomDiscoveryURL().length() > 0) {
extendedMetadata.setIdpDiscoveryURL(metadata.getCustomDiscoveryURL()); extendedMetadata.setIdpDiscoveryURL(metadata.getCustomDiscoveryURL());
} }
...@@ -189,7 +200,7 @@ public class MetadataController { ...@@ -189,7 +200,7 @@ public class MetadataController {
} }
} else { } else {
extendedMetadata.setIdpDiscoveryEnabled(false); extendedMetadata.setIdpDiscoveryEnabled(false);
generator.setIncludeDiscoveryExtension(false); metadataGenerator.setIncludeDiscoveryExtension(false);
} }
// Alias // Alias
...@@ -213,8 +224,8 @@ public class MetadataController { ...@@ -213,8 +224,8 @@ public class MetadataController {
} }
// Generate values // Generate values
EntityDescriptor generatedDescriptor = generator.generateMetadata(); EntityDescriptor generatedDescriptor = metadataGenerator.generateMetadata();
ExtendedMetadata generatedExtendedMetadata = generator.generateExtendedMetadata(); ExtendedMetadata generatedExtendedMetadata = metadataGenerator.generateExtendedMetadata();
if (metadata.isStore()) { if (metadata.isStore()) {
...@@ -422,5 +433,4 @@ public class MetadataController { ...@@ -422,5 +433,4 @@ public class MetadataController {
public String getTabName() { public String getTabName() {
return "metadata"; return "metadata";
} }
} }
\ No newline at end of file
auth:
local:
users:
- username: 'admin'
passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
roles: ["ROLE_ADMINISTRATOR"]
- username: 'tgradl'
passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
roles: ["ROLE_CONTRIBUTOR"]
saml:
keystore:
path: /data/_srv/minfba/minfba-de-dariah-eu.jks
# Comment if keystore is not protected by password
pass: 'hairad'
alias: minfba.de.dariah.eu
aliaspass: 'hairad'
sp:
requiredAttributes:
- stage: ATTRIBUTES
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: ATTRIBUTES
required: true
attributeGroup:
- check: OR
attributes:
- friendlyName: dariahTermsOfUse
name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
value: Terms_of_Use_v5.pdf
- friendlyName: dariahTermsOfUse
name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
value: foobar-service-agreement_version1.pdf
- stage: AUTHENTICATION
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: AUTHENTICATION
required: false
attributeGroup:
- check: OPTIONAL
attributes:
- friendlyName: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- friendlyName: displayName
name: urn:oid:2.16.840.1.113730.3.1.241
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
\ No newline at end of file
auth:
local:
users:
- username: 'admin'
passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
roles: ["ROLE_ADMINISTRATOR"]
- username: 'tgradl'
passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
roles: ["ROLE_CONTRIBUTOR"]
saml:
keystore:
path: /data/_srv/schereg/key/dfa-de-dariah-eu.jks
# Uncomment if keystore is protected by password
#pass: 'somepass'
alias: dfa.de.dariah.eu
aliaspass: ''
metadata:
url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-test-metadata.xml
#url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-basic-metadata.xml
sp:
externalMetadata: /home/tobias/Downloads/spring_saml_metadata.xml
alias: dariahsp
baseUrr: https://minfba.de.dariah.eu/dariahsp
entityId: minfba.de.dariah.eu_dariahsp
securityProfile: metaiop
sslSecurityProfile: pkix
sslHostnameVerification: default
signMetadata: true
signingAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
signingKey: minfba.de.dariah.eu
encryptionKey: minfba.de.dariah.eu
tlsKey: minfba.de.dariah.eu
requireArtifactResolveSigned: true
requireAttributeQuerySigned: false
requireLogoutRequestSigned: true
requireLogoutResponseSigned: false
discovery:
enabled: true
url: https://minfba.de.dariah.eu/dariahsp/saml/login/alias/dariahsp?disco:true
return: https://minfba.de.dariah.eu/dariahsp/saml/discovery/alias/dariahsp
allowedNameIds : EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED, X509_SUBJECT
# Attribute querying
attributeQuery:
enabled: true
excludedEndpoints:
urls: ["https://ldap-dariah-clone.esc.rzg.mpg.de/idp/shibboleth", "https://idp.de.dariah.eu/idp/shibboleth"]
assumeAttributesComplete: true
queryIdp: https://ldap-dariah-clone.esc.rzg.mpg.de/idp/shibboleth
#queryIdp: https://idp.de.dariah.eu/idp/shibboleth
queryByNameID: false
queryAttribute:
friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
# For now without parameters bc DARIAH Self Service is broken
incompleteAttributesRedirect: "https://dariah.daasi.de/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl"
#incompleteAttributesRedirect: "https://dariah.daasi.de/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl%3Fmode%3Dauthenticate%3Bshibboleth%3D1%3Bnextpage%3Dregistration%3Breturnurl%3D{returnUrl}&entityID={entityId}"
#incompleteAttributesRedirect: "https://auth.dariah.eu/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl%3Fmode%3Dauthenticate%3Bshibboleth%3D1%3Bnextpage%3Dregistration%3Breturnurl%3D{returnUrl}&entityID={entityId}"
requiredAttributes:
- stage: ATTRIBUTES
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: ATTRIBUTES
required: true
attributeGroup:
- check: OR
attributes:
- friendlyName: dariahTermsOfUse
name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
value: Terms_of_Use_v5.pdf
- friendlyName: dariahTermsOfUse
name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
value: foobar-service-agreement_version1.pdf
- stage: AUTHENTICATION
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: AUTHENTICATION
required: false
attributeGroup:
- check: OPTIONAL
attributes:
- friendlyName: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- friendlyName: displayName
name: urn:oid:2.16.840.1.113730.3.1.241
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
\ No newline at end of file
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
<context:annotation-config/> <context:annotation-config/>
<bean id="configLocation" class="java.lang.String"> <bean id="configLocation" class="java.lang.String">
<constructor-arg value="classpath:dariahsp_local_sample.yml" /> <constructor-arg value="classpath:dariahsp.yml" />
</bean> </bean>
<bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean"> <bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
<property name="resources" ref="configLocation"/> <property name="resources" ref="configLocation"/>
......
...@@ -66,6 +66,17 @@ ...@@ -66,6 +66,17 @@
<property name="defaultAuthority" value="Authenticated User" /> <property name="defaultAuthority" value="Authenticated User" />
</bean> </bean>
<!-- Filter automatically generates default SP metadata -->
<!-- Utilized only if no path to external metadata has been set (compare bean id="metadata") -->
<bean id="metadataGeneratorFilter" class="eu.dariah.de.dariahsp.saml.metadata.ConditionalMetadataGeneratorFilter">
<constructor-arg ref="metadataGenerator" />
<constructor-arg value="#{'${auth.saml.sp.externalMetadata:null}'!='null'}" />
</bean>
<bean id="requiredAttributes" class="eu.dariah.de.dariahsp.saml.attributequery.options.SAMLRequiredAttributesList">
<constructor-arg ref="objectMapper" />
<constructor-arg value="${auth.saml.sp.requiredAttributes:#{null}}" />
</bean>
<bean id="redirectionAwareFilter" class="eu.dariah.de.dariahsp.web.RedirectionAwareFilterBean" /> <bean id="redirectionAwareFilter" class="eu.dariah.de.dariahsp.web.RedirectionAwareFilterBean" />
<bean id="redirectCache" class="eu.dariah.de.dariahsp.web.RedirectCache" /> <bean id="redirectCache" class="eu.dariah.de.dariahsp.web.RedirectCache" />
......
...@@ -33,8 +33,11 @@ ...@@ -33,8 +33,11 @@
<security:request-cache ref="requestCache"/> <security:request-cache ref="requestCache"/>
</security:http> --> </security:http> -->
<bean id="metadataGeneratorFilter" class="eu.dariah.de.dariahsp.local.MetadataGeneratorDummyFilterBean" /> <bean id="metadataGenerator" class="eu.dariah.de.dariahsp.saml.metadata.AttributeMetadataGenerator" scope="prototype">
<property name="requiredAttributes" ref="requiredAttributes" />
</bean>
<!-- Filters for processing of local authentication --> <!-- Filters for processing of local authentication -->
<bean id="authFilter" class="org.springframework.security.web.FilterChainProxy"> <bean id="authFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant"> <security:filter-chain-map request-matcher="ant">
......
...@@ -57,27 +57,15 @@ ...@@ -57,27 +57,15 @@
<bean id="samlIDPDiscovery" class="org.springframework.security.saml.SAMLDiscovery"> <bean id="samlIDPDiscovery" class="org.springframework.security.saml.SAMLDiscovery">
<property name="idpSelectionPath" value="/WEB-INF/security/idpSelection.jsp"/> <property name="idpSelectionPath" value="/WEB-INF/security/idpSelection.jsp"/>
</bean> </bean>
<bean id="externalLocalSpMetadataConfigured" class="java.lang.Boolean"> <bean id="metadataGenerator" class="eu.dariah.de.dariahsp.saml.metadata.AttributeMetadataGenerator" scope="prototype">
<constructor-arg value="#{'${auth.saml.sp.externalMetadata:null}'!='null'}" /> <property name="entityBaseURL" value="${auth.saml.sp.baseUrl}" />
<property name="entityId" value="${auth.saml.sp.entityId}" />
<property name="includeDiscoveryExtension" value="${auth.saml.sp.discovery.enabled}" />
<property name="nameID" value="#{'${auth.saml.sp.allowedNameIds:EMAIL,TRANSIENT,PERSISTENT,UNSPECIFIED,X509_SUBJECT}'.split(',')}" />
<property name="extendedMetadata" ref="localSpMetadata" />
<property name="requiredAttributes" ref="requiredAttributes" />
</bean> </bean>
<!-- Filter automatically generates default SP metadata -->
<!-- Utilized only if no path to external metadata has been set (compare bean id="metadata") -->
<bean id="metadataGeneratorFilter" class="eu.dariah.de.dariahsp.saml.metadata.ConditionalMetadataGeneratorFilter">
<constructor-arg>
<bean class="eu.dariah.de.dariahsp.saml.metadata.AttributeMetadataGenerator">
<property name="entityBaseURL" value="${auth.saml.sp.baseUrl}" />
<property name="entityId" value="${auth.saml.sp.entityId}" />
<property name="includeDiscoveryExtension" value="${auth.saml.sp.discovery.enabled}" />
<property name="nameID" value="#{'${auth.saml.sp.allowedNameIds:EMAIL,TRANSIENT,PERSISTENT,UNSPECIFIED,X509_SUBJECT}'.split(',')}" />
<property name="extendedMetadata" ref="localSpMetadata" />
<property name="requiredAttributes" ref="requiredAttributes" />
</bean>
</constructor-arg>
<constructor-arg ref="externalLocalSpMetadataConfigured" />
</bean>
<!-- Utilized only if path to external metadata has been set (compare bean id="metadata") --> <!-- Utilized only if path to external metadata has been set (compare bean id="metadata") -->
<bean id="externalMetadata" class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate"> <bean id="externalMetadata" class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
...@@ -215,12 +203,7 @@ ...@@ -215,12 +203,7 @@
</property> </property>
<property name="requiredAttributesList" ref="requiredAttributes" /> <property name="requiredAttributesList" ref="requiredAttributes" />
</bean> </bean>
<bean id="requiredAttributes" class="eu.dariah.de.dariahsp.saml.attributequery.options.SAMLRequiredAttributesList">
<constructor-arg ref="objectMapper" />
<constructor-arg value="${auth.saml.sp.requiredAttributes:#{null}}" />
</bean>
<bean id="attributeQuery" class="eu.dariah.de.dariahsp.saml.attributequery.SAMLAttributeQueryImpl"> <bean id="attributeQuery" class="eu.dariah.de.dariahsp.saml.attributequery.SAMLAttributeQueryImpl">
<constructor-arg> <constructor-arg>
<bean class="org.apache.commons.httpclient.HttpClient" /> <bean class="org.apache.commons.httpclient.HttpClient" />
......
...@@ -96,33 +96,33 @@ ...@@ -96,33 +96,33 @@
<label class="col-sm-3 control-label">Configuration:</label> <label class="col-sm-3 control-label">Configuration:</label>
<div class="col-sm-9"> <div class="col-sm-9">
<textarea id="configuration" readonly="readonly" class="form-control" rows="12"># Append these properties to your application configuration <textarea id="configuration" readonly="readonly" class="form-control" rows="12"># Append these properties to your application configuration
saml.sp.
auth: auth:
... ...
saml: saml:
... ...
sp: sp:
# Modify this property to point to the downloaded SP metadata # Modify this property to point to the downloaded SP metadata
externalMetadata = /path/to/downloaded/spring-saml-metadata.xml externalMetadata: /path/to/downloaded/spring-saml-metadata.xml
alias = ${metadata.alias} alias: ${metadata.alias}
baseUrl = ${baseUrl} baseUrl: ${baseUrl}
entityId = ${metadata.entityId} entityId: ${metadata.entityId}
securityProfile = ${metadata.securityProfile} securityProfile: ${metadata.securityProfile}
sslSecurityProfile = ${metadata.sslSecurityProfile} sslSecurityProfile: ${metadata.sslSecurityProfile}
sslHostnameVerification = ${metadata.sslHostnameVerification} sslHostnameVerification: ${metadata.sslHostnameVerification}
signMetadata = ${metadata.signMetadata} signMetadata: ${metadata.signMetadata}
signingAlgorithm = ${metadata.signingAlgorithm} signingAlgorithm: ${metadata.signingAlgorithm}
signingKey = ${metadata.signingKey} signingKey: ${metadata.signingKey}
encryptionKey = ${metadata.encryptionKey} encryptionKey: ${metadata.encryptionKey}
tlsKey = ${metadata.tlsKey} tlsKey: ${metadata.tlsKey}
requireArtifactResolveSigned = ${metadata.requireArtifactResolveSigned} requireArtifactResolveSigned: ${metadata.requireArtifactResolveSigned}
requireAttributeQuerySigned = ${metadata.requireAttributeQuerySigned} requireAttributeQuerySigned: ${metadata.requireAttributeQuerySigned}
requireLogoutRequestSigned = ${metadata.requireLogoutRequestSigned} requireLogoutRequestSigned: ${metadata.requireLogoutRequestSigned}
requireLogoutResponseSigned = ${metadata.requireLogoutResponseSigned} requireLogoutResponseSigned: ${metadata.requireLogoutResponseSigned}
discovery.enabled = ${metadata.includeDiscovery} discovery:
discovery.url = ${metadata.customDiscoveryURL} enabled: ${metadata.includeDiscovery}
discovery.return = ${metadata.customDiscoveryResponseURL} url: ${metadata.customDiscoveryURL}
allowedNameIds = <c:forEach begin="0" end="${fn:length(metadata.nameID) - 1}" var="index"><c:out value="${metadata.nameID[index]}"/><c:if test="${index < fn:length(metadata.nameID)-1}">, </c:if></c:forEach> return: ${metadata.customDiscoveryResponseURL}
allowedNameIds: <c:forEach begin="0" end="${fn:length(metadata.nameID) - 1}" var="index"><c:out value="${metadata.nameID[index]}"/><c:if test="${index < fn:length(metadata.nameID)-1}">, </c:if></c:forEach>
</textarea> </textarea>
</div> </div>
</div> </div>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment