For completeness, here is how I am running pyFF:
gunicorn \
--log-config logger.ini \
--bind 0.0.0.0:8080 \
--timeout 600 \
--env PYFF_PIPELINE=test_mdx.yaml \
--env PYFF_UPDATE_FREQUENCY=3600 \
--env PYFF_PUBLIC_URL=http://127.0.0.1:8080 \
--env PYFF_STORE_CLASS=pyff.store:RedisWhooshStore \
--env PYFF_SCHEDULER_JOB_STORE=redis \
--workers 1 \
--worker-class gthread \
--threads 4 \
--worker-tmp-dir /dev/shm \
pyff.wsgi:app \
2>&1 | tee /tmp/pyff.out
And here is test_mdx.yaml:
- when edugain_transform:
- xslt:
stylesheet: edugain_transform.xsl
- break
- when ligo_transform:
- xslt:
stylesheet: ligo_transform.xsl
- break
- when ligo_approved_transform:
- xslt:
stylesheet: ligo_approved_transform.xsl
- break
- when update:
- load:
- incommon.xrd as incommon via edugain_transform
- ligo.xrd as ligo via ligo_transform
- ligo_approved.xrd as ligo_approved via ligo_approved_transform
- select:
- "!//md:EntityDescriptor[md:IDPSSODescriptor]"
- "ligo!//md:EntityDescriptor[md:SPSSODescriptor]"
- select as ligo_only:
- "https://login.ligo.org/idp/shibboleth"
- "https://login2.ligo.org/idp/shibboleth"
- "https://login3.ligo.org/idp/shibboleth"
- "https://login4.ligo.org/idp/shibboleth"
- select as ligo_approved:
- "https://login.ligo.org/idp/shibboleth"
- "https://login2.ligo.org/idp/shibboleth"
- "https://login3.ligo.org/idp/shibboleth"
- "https://login4.ligo.org/idp/shibboleth"
- "https://shibbi.pki.itc.u-tokyo.ac.jp/idp/shibboleth"
- "https://orcid-saml-gateway.gw-astronomy.org/idp"
- break
- when request:
- select:
- pipe:
- when accept application/xml:
- first
- finalize:
cacheDuration: PT12H
validUntil: P10D
- sign:
key: metadata-signer.key
cert: metadata-signer.crt
- emit application/xml
- break
- when accept application/json:
- discojson
- emit application/json
- break
Hi,
I am using today's pyFF master head, commit
bbdf245ccdb0be8ce45dda8c0cef06a6d33e2755
My pipeline contains
- when request:
- select:
- pipe:
- when accept application/xml:
- first
- finalize:
cacheDuration: PT12H
validUntil: P10D
- sign:
key: metadata-signer.key
cert: metadata-signer.crt
- emit application/xml
- break
- when accept application/json:
- discojson
- emit application/json
- break
This query returns the XML I expect
curl
'http://127.0.0.1:8080/entities/https%3A%2F%2Fwiki.ligo.org%2Fshibboleth-sp'
proving that pyFF has the metadata for the entityID.
But this query returns an empty <EntitiesDescriptor>:
curl
'http://127.0.0.1:8080/entities/%7Bsha1%7Dff767393c6b06e8282603e9e4541ac1e878d63aa'
Note that
$ python3
Python 3.7.3 (default, Apr 3 2019, 05:39:12)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license"
for more information.
>> from hashlib import sha1
>> m = sha1()
>>
m.update(b'https://wiki.ligo.org/shibboleth-sp')
>> m.hexdigest()
'ff767393c6b06e8282603e9e4541ac1e878d63aa'
This is problematic since thiss-js wants to use sha1 hashes to query
MDQ.
Is there something special I have to configure to get pyFF to accept the
sha1 hash?
Thanks,
Scott K