aggregator Module
=================
<!--
This file is written in Markdown syntax.
For more information about how to use the Markdown syntax, read here:
http://daringfireball.net/projects/markdown/syntax
-->

* Author: Andreas Åkre Solberg <andreas.solberg@uninett.no>, UNINETT AS
* Package: simpleSAMLphp

This module aggregates the metadata of a set of SAML entities into SAML 2.0 documents, each consisting of an `EntitiesDescriptor` with multiple entities inside.
Multiple aggregates can be configured.

The configuration file: module_aggregate.php
--------------------------------------------

The configuration file includes an option `aggregators`, which holds an indexed list of aggregator configurations that can each be accessed independently. The structure is as follows:

    'aggregators' => array(
        'aggr1' => array(
            'sources' => [...]
            [...local params...]
        ),
        'aggr2' => ...
    )
    [...global params...]

All of the global parameters can be overridden for each aggregator. Here is a list of the available (global) parameters:

`maxDuration`
: Maximum validity of the metadata (duration) in seconds.

`reconstruct`
: Whether simpleSAMLphp should regenerate the metadata XML (TRUE) or pass through the input metadata XML (FALSE).

`RegistrationInfo`
: Specifies information about the registrar of this metadata. Please refer to the [MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.

`set`
: By default all SAML types are available, including: `array('saml20-idp-remote', 'saml20-sp-remote', 'shib13-idp-remote', 'shib13-sp-remote')`. This list can be reduced by specifying one of the following values:

    * `saml20-idp-remote`
    * `saml20-sp-remote`
    * `shib13-idp-remote`
    * `shib13-sp-remote`
    * `saml2`
    * `shib13`

`sign.enable`
: Enable signing of the metadata document.

`sign.certificate`
: Certificate to embed, corresponding to the private key.

`sign.privatekey`
: Private key to use when signing.

`sign.privatekey_pass`
: Optionally, a passphrase for the private key.

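
The following `module_aggregate.php` is an added example, not taken from the module's own documentation. It signs every aggregate through the global parameters and overrides `set` and `maxDuration` for one aggregator. The aggregator IDs, the `flatfile` source entries, the directory name and the key and certificate file names are assumptions chosen for illustration.

```php
<?php
// Added example configuration. Aggregator IDs, sources and file names
// are assumptions for illustration, not values from the module.
$config = array(
    'aggregators' => array(
        // Full feed: inherits every global parameter defined below.
        'federation' => array(
            'sources' => array(
                array('type' => 'flatfile'), // assumed source: locally configured metadata
            ),
        ),

        // IdP-only feed with a shorter validity window.
        'idps-only' => array(
            'sources' => array(
                // assumed source: a separate metadata directory
                array('type' => 'flatfile', 'directory' => 'metadata-partners'),
            ),
            // Local parameters override the global ones for this aggregator only.
            'set'         => 'saml20-idp-remote',
            'maxDuration' => 60 * 60 * 24, // 1 day
        ),
    ),

    // Global parameters, applied to every aggregator unless overridden above.
    'maxDuration' => 60 * 60 * 24 * 5, // 5 days
    'reconstruct' => TRUE,             // regenerate the XML instead of passing input through

    // Sign each aggregate so consumers can verify where it came from.
    'sign.enable'          => TRUE,
    'sign.privatekey'      => 'aggregate-signing.key', // placeholder file name
    'sign.privatekey_pass' => NULL,                    // set only if the key is encrypted
    'sign.certificate'     => 'aggregate-signing.crt', // placeholder, must match the key
);
```

Each aggregate is then selected by its key through the endpoint's `id` parameter, for example `id=idps-only`.
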
Accessing the aggregate
-----------------------

On the SimpleSAMLphp frontpage, on the federation tab, there is a link to the aggregator named *Metadata aggregator*.

When the aggregator endpoint is accessed without an aggregate ID, a list of the available aggregators is presented, with options for the MIME type used to present the result.

The endpoint supports the following query parameters:

`id`
: The ID of the aggregator (from the configuration file).

`set`
: Restricts the result to a subset of the available types of SAML entities. Similar to the `set` parameter described above in the configuration file description.

`exclude`
: Specify a `tag` that will be excluded from the metadata set. Useful for leaving out your own federation metadata.

`mimetype`
: Select the MIME type that will be used. Default is `application/samlmetadata+xml`.