saml-registry is a SAML 2.0 Metadata management tool that is useful for building shibboleth-based federations.
The saml-registry is a j2ee-application intended as a federation management tool, primarily (but not exclusively) for use with shibboleth. Future versions will support full delegation of rights through container-based role-management. The current version relies on container-based authentication.
For convenience, the current version of the SQL database schema and a sample JBoss datasource descriptor are attached to this page.
Download the ear-file from the maven repository and drop it in the deploy-directory of your jboss application server. This build has been tested with jboss 4.0.2 but later versions should work.
You may need to disable certain features in a standard jboss, notably the jboss-ws4ee.sar (which conflicts with webservices provided by saml-registry) - just remove it from the deploy directory. Newer versions of jboss may ship with included versions of myfaces and jsf. These files must also be removed from your jboss before deploying saml-registry (or you must repackage the application excluding these libraries from the ear).
Next create a datasource file for the MySQL datastore. The `<jndi-name>` must be set to jdbc/saml-registry. Create the database, update the datasource file with the server, username and password, and drop the file next to the ear in the deploy directory. Use the SQL schema to populate the database.
Finally configure authentication and authorization for saml-registry. This is done in the container by editing the login-config.xml (for jboss). Create a security domain called 'saml-registry' in login-config.xml. The attached login-config.xml contains a sample entry which is based on property-files. The UsersRolesLoginModule is described on the jboss wiki.
The authorization for saml-registry is also managed by the security domain using standard j2ee role-based security. The roles govern access to individual use-cases (represented by menu entries in the user interface). Future versions will add per-organizational access control to this basic framework so that management of entities can be delegated.
The use-cases and roles are documented by the attached use-case diagram. Once your security domain is configured to serve these roles (by editing property files or whatever mechanism your login module uses) you should be able to point your browser to https://your-box.example.com/saml-registry and get the main menu (or a login page, depending on how your security domain is set up).
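As an added illustration of the two container-side files described above (not files shipped with saml-registry), here is a JBoss 4 datasource descriptor bound to jdbc/saml-registry together with a matching 'saml-registry' security domain entry for login-config.xml using UsersRolesLoginModule. Host, database name, credentials, property-file paths and the role names are placeholders; the actual role names come from the use-case diagram.

```xml
<!-- File 1: saml-registry-ds.xml, dropped in the deploy directory next to the ear.
     Assumed values: host, database name and credentials are placeholders. -->
<?xml version="1.0" encoding="UTF-8"?>
<datasources>
  <local-tx-datasource>
    <!-- Must match the name saml-registry looks up -->
    <jndi-name>jdbc/saml-registry</jndi-name>
    <connection-url>jdbc:mysql://DB_HOST:3306/SAML_REGISTRY_DB</connection-url>
    <driver-class>com.mysql.jdbc.Driver</driver-class>
    <user-name>DB_USER</user-name>
    <password>DB_PASSWORD</password>
    <min-pool-size>2</min-pool-size>
    <max-pool-size>10</max-pool-size>
  </local-tx-datasource>
</datasources>

<!-- File 2: entry to add inside <policy> in conf/login-config.xml.
     The application-policy name is the security domain saml-registry expects. -->
<application-policy name="saml-registry">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <!-- Property files are resolved from the server classpath (e.g. conf/props/);
           these paths are assumptions for this example. -->
      <module-option name="usersProperties">props/saml-registry-users.properties</module-option>
      <module-option name="rolesProperties">props/saml-registry-roles.properties</module-option>
      <!-- Optional: store password digests instead of clear text in the users file.
           hashAlgorithm is any java.security.MessageDigest name; hashEncoding
           defaults to base64. -->
      <module-option name="hashAlgorithm">SHA-256</module-option>
      <module-option name="hashEncoding">base64</module-option>
    </login-module>
  </authentication>
</application-policy>
```

The users file then holds one `username=password-or-digest` line per account, and the roles file one `username=ROLE_A,ROLE_B` line mapping each user to the use-case roles the web application declares.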
Building from source
In order to build saml-registry from source (which can be obtained from the Subversion repository) you need Maven 2 and Java 5. The saml-registry is based on an MDA toolchain called AndroMDA. Normally Maven 2 should download and install all dependencies; however, the user interface needs the jsf2 cartridge from the andromda plugins project, which may not be distributed from the AndroMDA Maven repository. If Maven 2 complains about unresolved dependencies for jsf2, check out the andromda plugins project and build it manually.