Architecture
- pyFF is a SAML metadata processor.
- pyFF can be used to fetch, validate, verify, sign, transform, store, index and search SAML metadata.
- pyFF does its work by following small programs called pipelines written in yaml syntax consisting of steps/primitives called pipes
Deploying pyFF typically means figuring out what SAML metadata to fetch and from where, how to transform it to suit your metadata consumers expectations and needs and finally publish the metadata. All these steps are encoded in a yaml-file called a pipeline which pyFF executes like a program.
The following diagram illustrates the relationships between the elements that make up the pyFF execution model.
- a pipeline (consisting of pipes) transforms an initial state to an object - typically a piece of SAML metadata
- there are no loops in the pyFF pipeline programming language so all pipelines will probably terminate
- the pyFF metadata store is updated using the load pipe and queried using the select step.
Most pyFF pipelines will contain at least one select statement and one load statement. The latter is used to fetch metadata (either local or remote) and the former is used to populate the active tree which subsequent pipes modify to form the resulting object.