
  1. Create the defaultIDP property after the constructor arg

    Code Block
    <property name="defaultIDP" value="${abiquo.saml.metadata.identityprovider.default.id}"/>


  2. Add a bean reference for each IdP to the list in the constructor argument; the list index starts at 0. For example, here we added a reference to the bean "ipdMetadataDelegate2".

    Code Block
            <constructor-arg>
                <list>
                    <ref bean="ipdMetadataDelegate"/>
                    <ref bean="ipdMetadataDelegate2"/>


  3. Copy the first bean and modify it to create a second bean.

    1. Change the bean ID to match the IdP ID from the list above

      Code Block
       <bean id="ipdMetadataDelegate2"


    2. In the value, set the index to select the IdP path from the IdP list in the abiquo.properties file. For our example, use "1".

      Code Block
                <bean class="org.opensaml.util.resource.FilesystemResource">
                  <constructor-arg value="#{'${abiquo.saml.metadata.identityprovider.path}'.split(',')[1]}" />

      From the IdP list property, this expression returns the second value (the one after the first comma).

Example of IdP metadata from Abiquo 5.2.1

This example is a guide to the configuration of SAML IdPs. It shows multiple IdPs.
(warning) Remember that you must use any file added to your system as part of the upgrade. Do not copy this file!

Code Block
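<?xml version="1.0" encoding="UTF-8"?>
<!--
  SAML metadata wiring example (Abiquo 5.2.1 upgrade, multiple IdPs).
  The "metadata" manager receives one SP metadata delegate plus one delegate per IdP.
  Each IdP metadata file is selected by index from the comma-separated
  abiquo.saml.metadata.identityprovider.path property in abiquo.properties.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd">
    <!-- NOTE: the "security" and "context" prefixes are declared but not used in this file,
         and "context" has no xsi:schemaLocation entry. -->

    <!-- IdP and SP metadata definition -->
    <!-- Metadata manager over all delegates listed below. defaultIDP is read from
         abiquo.properties (presumably the default IdP's entity ID; confirm against the
         Spring Security SAML documentation). -->
    <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
        <constructor-arg>
            <list>
                <ref bean="spMetadataDelegate"/>
                <ref bean="ipdMetadataDelegate"/>
                <ref bean="ipdMetadataDelegate2"/>
            </list>
        </constructor-arg>
        <property name="defaultIDP" value="${abiquo.saml.metadata.identityprovider.default.id}"/>
    </bean>

    <!-- Service provider (this Abiquo instance) metadata, loaded from the file named by
         abiquo.saml.metadata.serviceprovider.path. parserPool is defined outside this file. -->
    <bean id="spMetadataDelegate" class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
            <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
                <constructor-arg>
                    <!-- one Timer instance per provider -->
                    <bean class="java.util.Timer"/>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.opensaml.util.resource.FilesystemResource">
                        <constructor-arg value="${abiquo.saml.metadata.serviceprovider.path}" />
                    </bean>
                </constructor-arg>
                <property name="parserPool" ref="parserPool"/>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <!-- Extended (local) metadata for the SP. Key aliases come from abiquo.properties;
                 signMetadata defaults to false when abiquo.saml.keys.metadata.sign is unset. -->
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                <property name="local" value="true"/>
                <property name="securityProfile" value="metaiop"/>
                <property name="sslSecurityProfile" value="pkix"/>
                <property name="signMetadata" value="${abiquo.saml.keys.metadata.sign:false}"/>
                <property name="signingKey" value="${abiquo.saml.keys.signing.alias}"/>
                <property name="encryptionKey" value="${abiquo.saml.keys.encryption.alias}"/>
                <!-- Signature requirements for artifact-resolve and logout messages are
                     disabled (false) in this example; confirm this matches what your IdP signs. -->
                <property name="requireArtifactResolveSigned" value="false"/>
                <property name="requireLogoutRequestSigned" value="false"/>
                <property name="requireLogoutResponseSigned" value="false"/>
            </bean>
        </constructor-arg>
    </bean>

    <!-- First IdP: index 0 of the comma-separated identityprovider.path list.
         Unlike spMetadataDelegate, the IdP delegates pass no ExtendedMetadata argument. -->
    <bean id="ipdMetadataDelegate" class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
            <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
                <constructor-arg>
                    <bean class="java.util.Timer"/>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.opensaml.util.resource.FilesystemResource">
                        <constructor-arg value="#{'${abiquo.saml.metadata.identityprovider.path}'.split(',')[0]}" />
                    </bean>
                </constructor-arg>
                <property name="parserPool" ref="parserPool"/>
            </bean>
        </constructor-arg>
    </bean>

    <!-- Second IdP: index 1 of the same list. If the property holds fewer entries than the
         index requires, the SpEL expression presumably fails at context startup (confirm);
         keep the number of delegates in step with the number of comma-separated paths. -->
    <bean id="ipdMetadataDelegate2" class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
            <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
                <constructor-arg>
                    <bean class="java.util.Timer"/>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.opensaml.util.resource.FilesystemResource">
                        <constructor-arg value="#{'${abiquo.saml.metadata.identityprovider.path}'.split(',')[1]}" />
                    </bean>
                </constructor-arg>
                <property name="parserPool" ref="parserPool"/>
            </bean>
        </constructor-arg>
    </bean>

</beans>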