Download
Download saml-md-aggregator-standalone.jar. The standalone jar contains everything you need.
Create some metadata
Move to a directory containing your metadata, with each EntityDescriptor in a separate file. The file names are otherwise arbitrary, but the file name minus its .xml extension becomes the "ID" attribute on that EntityDescriptor when it is signed and returned to requestors.
# cd /path/to/metadata
# ls
idp.example.org.xml sp.example.org.xml
Make a keystore (or use an existing one)
Use keytool to generate a keystore with a signing key in it, e.g.
keytool -genkeypair -alias mdx -keypass secret123 -keyalg RSA -keystore mdx.jks
... answer a bunch of questions ...
Alternatively you can use an existing keystore. In the example below, change the mdx.signer.alias parameter and add an mdx.signer.keystore parameter pointing to the keystore file. Review the keytool documentation to see whether you need additional parameters for key size, validity period etc. that apply to your situation.
Run the aggregator
You will need Java 1.6 to run the aggregator. Launch it by running the command below. The '\' characters indicate line breaks and can be removed if you put the entire command on one line.
java -Dmdx.store.url=/path/to/metadata \
     -Dmdx.signer.alias=mdx \
     -Dmdx.signer.pin=secret123 \
     -Dmdx.signer.validity=3600 \
     -jar saml-md-aggregator-standalone.jar &
This sets up an aggregator that signs each returned EntityDescriptor with the generated key pair and sets validUntil on each EntityDescriptor element to one hour after the time of signing. Note that the pin passed as a -D system property is visible in the process list to anyone who can run ps on the host, so limit who can log in to the machine running the aggregator.
Several versions of OpenJDK contain a bug that breaks XML-DSig. Either use the Sun JDK or endorse the xmlsec and commons-logging jars (place them in the JDK's endorsed standards directory). A better solution for this is coming soon.
Test it all out
Point your browser at http://localhost:8080/md/all and look at your metadata. Now download all of your IdPs as one EntitiesDescriptor document using wget or any other tool that can download and display the contents of a URL. Pointing your browser at the URL also works, of course.
# wget -O- http://localhost:8080/entity/all+idp
Here is how to get all of your SPs as an EntitiesDescriptor document. The idp and sp tags are generated automatically by inspecting the entities in your store.
# wget -O- http://localhost:8080/entity/all+sp
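Before a relying party loads an aggregate like the ones above, it should at least confirm that the document is an EntitiesDescriptor, that every EntityDescriptor carries the ID attribute the signature references, an enveloped ds:Signature, and a validUntil that has not yet passed. The following script is an added example, not part of the saml-md-aggregator project: it performs those structural checks with the Python standard library over a constructed sample aggregate (the entityIDs and signature value are made up). It does not verify the XML signatures cryptographically; hand the document to an XML-DSig library with the aggregator's certificate for that step.

```python
"""Structural sanity checks on a SAML EntitiesDescriptor aggregate.

Added example; the sample document and entityIDs below are constructed
for illustration and are not output of a real aggregator.
"""
from datetime import datetime, timezone
import urllib.request
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: one well-formed IdP entry and one that is both
# unsigned and already expired, to exercise the failure paths.
SAMPLE_AGGREGATE = b"""<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor ID="idp.example.org" entityID="https://idp.example.org/idp"
      validUntil="2099-01-01T00:00:00Z">
    <ds:Signature><ds:SignatureValue>c2FtcGxl</ds:SignatureValue></ds:Signature>
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor ID="idp2.example.org" entityID="https://idp2.example.org/idp"
      validUntil="2000-01-01T00:00:00Z">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def fetch_aggregate(url="http://localhost:8080/entity/all+idp"):
    """Download the aggregate from a running aggregator (network access needed)."""
    with urllib.request.urlopen(url) as resp:
        return resp.read()


def parse_valid_until(value):
    """SAML dateTime values are UTC with a trailing 'Z'; fractional seconds optional."""
    text = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in text else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def check_aggregate(xml_bytes, now=None, require_role=None):
    """Return {entityID: [problems]}; an empty list means the entry passed.

    require_role, if given, is a role element name such as "IDPSSODescriptor"
    that every entry must contain (useful for the all+idp / all+sp aggregates).
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntitiesDescriptor" % NS["md"]:
        raise ValueError("not an EntitiesDescriptor: %s" % root.tag)
    report = {}
    for ed in root.findall("md:EntityDescriptor", NS):
        problems = []
        entity_id = ed.get("entityID", "<missing entityID>")
        if not ed.get("ID"):
            problems.append("no ID attribute (the signature reference target)")
        if ed.find("ds:Signature", NS) is None:
            problems.append("no enveloped ds:Signature")
        valid_until = ed.get("validUntil")
        if valid_until is None:
            problems.append("no validUntil")
        elif parse_valid_until(valid_until) <= now:
            problems.append("validUntil %s has already passed" % valid_until)
        if require_role and ed.find("md:" + require_role, NS) is None:
            problems.append("missing %s" % require_role)
        report[entity_id] = problems
    return report


def trusted_entities(xml_bytes, now=None, require_role=None):
    """entityIDs whose entries passed every structural check, sorted."""
    report = check_aggregate(xml_bytes, now=now, require_role=require_role)
    return sorted(eid for eid, problems in report.items() if not problems)


if __name__ == "__main__":
    for eid, problems in check_aggregate(SAMPLE_AGGREGATE,
                                         require_role="IDPSSODescriptor").items():
        print(eid, "OK" if not problems else "; ".join(problems))
```

Run it against a live aggregator by replacing SAMPLE_AGGREGATE with fetch_aggregate(); for the all+sp aggregate pass require_role="SPSSODescriptor". The validUntil check is what makes the one-hour signing window from the run step meaningful: an aggregate that was valid when downloaded must be refreshed before it expires, and a stale copy should be rejected rather than silently reused.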