...
With the default configuration, the identity provider metadata is saved as a file named "idp-metadata.xml" under the metadata folder. If you wish to use a different file name, change it here.
```xml
<bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
    <constructor-arg>
        <value type="java.io.File">classpath:metadata/idp-metadata.xml</value>
    </constructor-arg>
    <property name="parserPool" ref="parserPool" />
</bean>
```
Next comes the service provider metadata. If you are using the metadata generator, leave this next section commented out; otherwise PhixFlow will not start, because it will look for a file that does not exist. Below is a completed service provider bean, which is broken down in more detail further down.
```xml
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
    <constructor-arg>
        <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
            <constructor-arg>
                <bean class="java.util.Timer" />
            </constructor-arg>
            <constructor-arg>
                <bean class="org.opensaml.util.resource.ClasspathResource">
                    <constructor-arg value="/metadata/sp-metadata.xml" />
                </bean>
            </constructor-arg>
            <property name="parserPool" ref="parserPool" />
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
            <property name="local" value="true" />
            <property name="alias" value="urn:test:phixflow:phixflow" />
            <property name="signingKey" value="PhixflowSAML" />
            <property name="encryptionKey" value="PhixflowSAML" />
        </bean>
    </constructor-arg>
</bean>
```
The first configurable part of the service provider metadata is the file name. By default, this expects a file named "sp-metadata.xml" under the metadata folder. If you wish to use another file name, change it here:
```xml
<constructor-arg value="/metadata/sp-metadata.xml" />
```
Next we have the extended metadata configuration. For the simplest setup, the only change needed here is to update the alias to the entity ID that you specified earlier. If you are using the recommended key name of "PhixflowSAML", no further configuration is required. If you are not using this key name, replace PhixflowSAML with your key name in the "signingKey" and "encryptionKey" properties.
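A pre-flight check for the two failure modes described above (a missing sp-metadata.xml and an alias that does not match the entity ID), as an added example that is not part of PhixFlow or its documentation. It assumes the entity ID is the `entityID` attribute on the root element of sp-metadata.xml and that `classpath_root` is the directory containing the metadata folder; `check_sp_config` and `run_sample` are hypothetical names.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

EXT_MD = "org.springframework.security.saml.metadata.ExtendedMetadata"
CP_RES = "org.opensaml.util.resource.ClasspathResource"

# Constructed sample: the inner beans from the page, wrapped in a <beans> root.
SAMPLE_BEANS = """<beans>
  <bean class="org.opensaml.util.resource.ClasspathResource">
    <constructor-arg value="/metadata/sp-metadata.xml" />
  </bean>
  <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
    <property name="alias" value="urn:test:phixflow:phixflow" />
    <property name="signingKey" value="PhixflowSAML" />
    <property name="encryptionKey" value="PhixflowSAML" />
  </bean>
</beans>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def check_sp_config(spring_xml, classpath_root):
    """Return a list of problems; an empty list means every check passed."""
    props, path = {}, None
    for bean in ET.fromstring(spring_xml).iter():
        if bean.get("class") == EXT_MD:
            props = {p.get("name"): p.get("value") for p in bean if local(p.tag) == "property"}
        elif bean.get("class") == CP_RES:
            path = next((a.get("value") for a in bean if local(a.tag) == "constructor-arg"), None)
    if path is None:
        return ["no ClasspathResource bean found (section commented out?)"]
    md_file = os.path.join(classpath_root, path.lstrip("/"))
    if not os.path.isfile(md_file):
        return [f"{path} missing under {classpath_root}"]
    # Assumption: the entity ID is the entityID attribute of the metadata root.
    entity_id = ET.parse(md_file).getroot().get("entityID")
    problems = [f"{k} is not set" for k in ("signingKey", "encryptionKey") if not props.get(k)]
    if props.get("alias") != entity_id:
        problems.append(f"alias {props.get('alias')!r} != entityID {entity_id!r}")
    return problems

def run_sample(entity_id):
    """Write a constructed sp-metadata.xml to a temp classpath root and check it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "metadata"))
        with open(os.path.join(root, "metadata", "sp-metadata.xml"), "w") as f:
            f.write(f'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{entity_id}"/>')
        return check_sp_config(SAMPLE_BEANS, root)
```

The key names are only checked for being present; whether they match an entry in your keystore still has to be confirmed separately.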
...