{"id":39497635,"url":"https://github.com/clarin-eric/pyff_config","last_synced_at":"2026-01-18T05:43:45.628Z","repository":{"id":144999466,"uuid":"41666563","full_name":"clarin-eric/pyFF_config","owner":"clarin-eric","description":"Configuration for PyFF, a utility used for SPF SAML metadata processing.","archived":false,"fork":false,"pushed_at":"2025-09-11T14:43:18.000Z","size":248,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-09-11T17:30:05.391Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Smarty","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/clarin-eric.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-08-31T09:10:36.000Z","updated_at":"2025-09-11T14:43:21.000Z","dependencies_parsed_at":"2023-10-11T01:35:40.439Z","dependency_job_id":"376ad268-a402-458d-a384-e40a2e5d9423","html_url":"https://github.com/clarin-eric/pyFF_config","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/clarin-eric/pyFF_config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clarin-eric%2FpyFF_config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clarin-eric%2FpyFF_config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clarin-eric%2FpyFF_config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clarin-eric%2FpyFF_config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/clarin-eric","download_url":"https://codeload.github.com/clarin-eric/pyFF_config/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clarin-eric%2FpyFF_config/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28531368,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-18T05:43:45.485Z","updated_at":"2026-01-18T05:43:45.621Z","avatar_url":"https://github.com/clarin-eric.png","language":"Smarty","funding_links":[],"categories":[],"sub_categories":[],"readme":"== Scope\n\nThis repository holds the configuration for the https://gitlab.com/CLARIN-ERIC/docker-spf-md-pipelines[CLARIN SPF SAML metadata pipelines].\nIt provides definitions for:\n\n* the various pyFF jobs used ('job_X.fd' files).\n* the https://github.com/clarin-eric/pyFF_config/blob/master/input/idp-metadata.xml[metadata for the CLARIN central IdP].\n* the https://github.com/clarin-eric/pyFF_config/blob/master/about_identity_federations_md.xrd[public certificates used by the various identity federations].\n\nBeware!!! Changes to the master branch of this repository should be done only to modify the SAML production feeds.\n\nThese files are fetched before each run of the SPF metadata pipelines, so changes to the master branch will be automatically reflected in the production SAML feeds.\n\n== Usage\n\nThe files in this project are designed to be used by the CLARIN SPF https://gitlab.com/CLARIN-ERIC/docker-spf-md-pipelines/blob/master/image/cron/control.sh[control.sh script], which can be sourced and used to run the various job_X.fd files.\n\n* job_a.fd - publish preproduction SAML metadata about the SPF’s SPs\n+\nThis job selects all Entity Descriptors from the https://github.com/clarin-eric/SPF-SPs-metadata/blob/master/clarin-sp-metadata.xml[CLARIN SPs Metadata File] and publishes them as the SPF pre-production SPs feed.\nNormally no changes are needed to this file but it can be useful e.g. to exclude certain SPs from the pre-production feed.\n\n\n* job_b.fd - publish production SAML metadata about the SPF’s SPs\n+\nSelects the specified Entity Descriptors ('entityID=') from the https://github.com/clarin-eric/SPF-SPs-metadata/blob/master/clarin-sp-metadata.xml[CLARIN SPs Metadata File] and publishes them as the SPF production SPs feed.\nThis file is used to mark the SPs as part of the production feed. To bring a new SP into production, edit this file and insert the new \"or @entityID='https://example.tdl/saml/metadata'\" element into the 'select' section.\n\n* job_c.fd - publish production SAML metadata about each identity federation’s IdPs\n+\nAggregates all IdPs' metadata from the eduGAIN and the various identity federations and publishes it as the CLARIN SPF IdP metadata feed.\nEdit this file to blacklist undesired specific IdPs. When adding a new identity federation, this file must also e edited in conjunction with the https://gitlab.com/CLARIN-ERIC/docker-spf-md-pipelines/blob/master/image/cron/control.sh[control.sh script].\n\n* job_e.fd - publish production SAML metadata about CLARIN IdP (unity)\n+\nPublishes the https://github.com/clarin-eric/pyFF_config/blob/master/input/idp-metadata.xml[metadata for the CLARIN Central IdP].\nWith the current setup, this file doesn't need to be changed.\n\n* about_identity_federations_md.xrd - public certificates used by various identity federations\n+\nThis file is used to verify the metadata batches downloaded from the various identity federations.\nEdit this file only when the certificate from an identity federation changes.\n\n* input/idp-metadata.xml -  CLARIN central IdP metadata file.\n+\nThe metadata file of the CLARIN central IdP.\n\nCurrently the control.sh script which pushes these definitions into production, is executed every hour between 7:00 and 19:00. See [cronjob 1] of the CLARIN SPF pipelines.\n\n== Requirements\n\n* https://github.com/leifj/pyFF[pyFF];\n* http://curl.haxx.se/[`curl`].\n\n=== Suggested requirements\n\n* https://wiki.shibboleth.net/confluence/display/SHIB2/XmlSecTool[`XmlSecTool`];\n* https://github.com/clarin-eric/SAML_metadata_QA_validator[`SAML_metadata_QA_validator`].\n\n== To run\n\n* Clone this repository (once).\n* `cd` to its root directory within a POSIX-compatible shell (e.g. first issue `/bin/sh`).\n* Download and source https://gitlab.com/CLARIN-ERIC/docker-spf-md-pipelines/blob/master/image/cron/control.sh[control.sh script]\n+\n----\n. control.sh\n----\n* Call one of the sourced shell functions. E.g., issue `pyff_fetch_md ;`. The relevant functions are discussed under the following headings. They should be run in this order: `'pyff_fetch_md' \u0026\u0026 'pyff_run' '...' \u0026\u0026 'pyff_sign' \u0026\u0026 'pyff_verify_signatures' \u0026\u0026 'pyff_publish' \u0026\u0026 'pyff_validate'`.\n\n=== `pyff_fetch_md`\n\nTo fetch SAML metadata batches from identity federations that are connected to the https://www.clarin.eu/spf[CLARIN SPF] to `output/`.\n\n=== `pyff_run _job_name_`\n\nTo run a certain PyFF job declaration. `job_name` can be link:job_a.fd[`job_a`], link:job_a.fd[`job_b`], link:job_a.fd[`job_c`] or link:job_a.fd[`job_d`].\n\nPyFF jobs process (aggregate/split/filter) SAML metadata. Please study the job declarations to learn about them and their interdependencies. Running them in alphabetical order should be safe.\n\n=== `pyff_sign`\n\nTo sign the SPF SAML metadata batches. Dependent on `XmlSecTool`.\n\n=== `pyff_verify_signatures`\n\nTo sign the SPF SAML metadata batches. Dependent on `XmlSecTool`.\n\n=== `pyff_publish`\n\nTo publish the final SAML metadata batches, as on https://infra.clarin.eu/aai[infra.clarin.eu/aai].\n\n=== `pyff_validate`\n\nTo run `SAML_metadata_QA_validator` SAML metadata validation suite on the relevant final SAML metadata batches.\n\nDependent on `SAML_metadata_QA_validator`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclarin-eric%2Fpyff_config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclarin-eric%2Fpyff_config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclarin-eric%2Fpyff_config/lists"}