apply renater metadata update of 01/2017

2017-02-06 11:08:20 +01:00 · 2017-02-06 11:08:20 +01:00 · 29ee7f15df
parent 40557b0b06
commit 29ee7f15df
2 changed files with 4 additions and 22 deletions
--- a/supann.conf
+++ b/supann.conf
@ -31,15 +31,11 @@ export SUPANN_LDAP_BASE_DN=dc=univ-test,dc=fr
 #
 # URL des métadonnées
 #
-export RENATER_METADATA=https://federation.renater.fr/renater/renater-metadata.xml
-#
-# URL des règles de filtrage des attributs
-#
-export RENATER_ATTRIBUTE_FILTERS=https://federation.renater.fr/renater/filtres/renater-attribute-filters-all.xml
+export RENATER_METADATA=https://metadata.federation.renater.fr/renater/main/main-sps-renater-metadata.xml
 # 
 # URL du certificat de signature des métadonnées
 #
-export RENATER_CERTIFICATE=https://federation.renater.fr/renater/metadata-federation-renater.crt
+export RENATER_CERTIFICATE=https://metadata.federation.renater.fr/certs/renater-metadata-signing-cert-2016.pem

 # Test
 # export RENATER_METADATA=https://federation.renater.fr/test/renater-test-metadata.xml # test
--- a/update-renater-meta.sh
+++ b/update-renater-meta.sh
@ -5,13 +5,12 @@ set -e
 DEFAULT="/etc/default/authentic2"
 BASEDIR=`dirname $0`
 METADATA_TMP=`tempfile`
-FILTERS_TMP=`tempfile`
 CERTIFICATE_TMP=`tempfile`
 FIXTURE_TMP=`tempfile --suffix=.json`
 TIMEOUT=30

 function cleanup {
-	rm -f $METADATA_TMP $FILTERS_TMP $CERTIFICATE_TMP $FIXTURE_TMP
+	rm -f $METADATA_TMP $CERTIFICATE_TMP $FIXTURE_TMP
 }

 trap "cleanup" EXIT
@ -27,11 +26,6 @@ if ! wget --tries=3 --timeout=$TIMEOUT --quiet $RENATER_METADATA -O$METADATA_TMP
 	exit 1
 fi

-if ! wget --tries=3 --timeout=$TIMEOUT --quiet $RENATER_ATTRIBUTE_FILTERS -O$FILTERS_TMP; then
-	echo ERROR: unable to retrieve attribute filters from $RENATER_ATTRIBUTE_FILTERS
-	exit 1
-fi
-
 if ! wget --tries=3 --timeout=$TIMEOUT --quiet $RENATER_CERTIFICATE -O$CERTIFICATE_TMP; then
 	echo ERROR: unable to retrieve Renater metadata signing certificate from $RENATER_CERTIFICATE
 	exit 1
@ -42,11 +36,6 @@ if ! xmllint $METADATA_TMP >/dev/null; then
 	exit 1
 fi

-if ! xmllint $FILTERS_TMP >/dev/null; then
-	echo ERROR: xmllint failed on renater attribute filters
-	exit 1
-fi
-
 # Verify metadata signature
 if ! xmlsec1 --verify --id-attr:ID EntitiesDescriptor --pubkey-cert-pem $CERTIFICATE_TMP --enabled-key-data key-name $METADATA_TMP 2>/dev/null >/dev/null; then
 	echo ERROR: unable to validate signature on $RENATER_METADATA
@ -86,11 +75,8 @@ cat <<EOF >$FIXTURE_TMP
 }]
 EOF

-# Fix wrong naming of email attribute
-sed -i 's/\<email\>/mail/' $FILTERS_TMP
-
 # Load fixture
 /usr/bin/authentic2-ctl loaddata -v0 $FIXTURE_TMP

 # Load metadataas
-/usr/bin/authentic2-ctl sync-metadata --source=renater --shibboleth-attribute-filter-policy=$FILTERS_TMP --sp -v1 $METADATA_TMP
+/usr/bin/authentic2-ctl sync-metadata --source=renater --sp -v1 $METADATA_TMP