
shibboleth-dev - Re: [Shib-Dev] IDP metadata with no ACS url

Subject: Shibboleth Developers

  • From: Brent Putman
  • Subject: Re: [Shib-Dev] IDP metadata with no ACS url
  • Date: Fri, 03 Jun 2011 18:34:28 -0400



On 6/3/11 5:59 PM, Bobby Lawrence wrote:
> Is there any way you can show me how to do this?

Since we use custom config schema and bean parsing code, the way you'd
ordinarily do it is by creating an IdP extension, specifically a Profile
Handler extension. The docs for that are here:

https://wiki.shibboleth.net/confluence/display/SHIB2/IdPDevCustomExtension

https://wiki.shibboleth.net/confluence/display/SHIB2/IdPDevExtProfileHandler

Essentially you just need to create the custom schema and XML bean
parsing code to allow you to configure your new profile handler subclass in
handler.xml using our custom XML bean parsing methodology. What you
should wind up with is a new XML Schema complex type to be used instead
of what you see in there by default (xsi:type="ph:SAML2SSO" would become
xsi:type="yourns:YourSAML2SSO").

If you learn best by example, the delegation and (old) ECP extensions
are pretty similar to what you need to do:


http://svn.shibboleth.net/view/extensions/java-idp-delegation/trunk/

http://svn.shibboleth.net/view/extensions/java-idp-ecp/trunk/



> I'm not very strong in Spring, but I've configured web apps with it.
> I've never done anything like this before, but I did a bit of digging
> and found that it's possible with Spring's IoC container using
> MethodReplacers. However I can't tell if it's possible in this case
> because the IDP code uses AbstractSingleBeanDefinitionParsers to load
> the beans. I cannot find how to inject this when using bean
> definitions created from arbitrary XML objects like the IDP does for
> most of its config...
> From what I've read, the MethodReplacer is only configurable (I think)
> when using an XML bean definition and adding a <replace-method>
> element. I've tried to add it to the XML for the SAML2SSO
> ProfileHandler but I get exceptions from Spring on startup.


You definitely can't use the <replace-method> element in our config
files. Those have a defined schema and don't allow for that to appear.
I'm not familiar with the MethodReplacers in general to know if there is
another way to use them. If you can look up a bean (say using its bean
id) from the application context and modify it after the fact with the
MethodReplacer or something similar, you might be able to do this. Some
quick googling doesn't produce anything promising.


