...
| Code Block |
|---|
keytool -genkeypair -alias mdx -keypass secret123 -keyalg RSA -keystore mdx.jks
... answer a bunch of questions ...
|
Alternatively you can use an existing keystore. In the example below just change the mdx.signer.alias parameter and add a parameter mdx.signer.keystore pointing to the keystore file. Review the documentation for keytool to figure out if you need to add other parameters for setting key size, validity time etc that may be applicable for your situation.
Run the aggregator
...
...
You
...
will
...
need
...
a
...
version
...
of
...
java
...
1.6
...
to
...
run
...
the
...
aggregator.
...
Launch
...
the
...
aggregator
...
by
...
running
...
this.
...
The
...
'\'
...
indicate
...
line
...
breaks
...
and
...
can
...
be
...
removed
...
if
...
you
...
put
...
the
...
entire
...
command
...
on
...
one
...
line.
| Code Block |
|---|
java -Dmdx.store.url=/path/to/metadata \
-Dmdx.signer.alias=mdx \
-Dmdx.signer.pin=secret123 \
-Dmdx.signer.validity=3600 -jar saml-md-aggregator-standalone.jar &
|
This will setup an aggregator that signs each request with the generated key pair and sets the validUntil element on the EntityDescriptor elemets to 1 hour from the time of signing.
| Warning |
|---|
Several versions of openjdk contains a bug that breaks xml-dsig. Either use sun jdk or endorse the xmlsec and commons-logging jars. A better solution for this is coming soon. |
Test it all out
Point your browser at http://localhost:8080/md/all
and look a your stuffGet . Now download all of your idp:s as an EntitiesDescriptor document using wget or any other tool that can download and display the contents of a URL. Pointing your browser to the URL will also work of course.
| Code Block |
|---|
# wget -qOO- http://localhost:8080/entity/all+idp |
Get Here is how to get all of your sp:s as an EntitiesDescriptor document. The idp and sp tags are automatically generated from inspecting entities in your store.
| Code Block |
|---|
# wget -qOO- http://localhost:8080/entity/all+sp |