...
Name | Type | Default | Description |
---|---|---|---|
| Booleanboolean | true | Controls whether to keep entity descriptors that contain no roles. Note: If this attribute is set to false, the resulting output may not be schema-valid since an |
| Booleanboolean | true | Controls whether to keep entities descriptors that contain no entity descriptors. Note: If this attribute is set to false, the resulting output may not be schema-valid since an <md:EntitiesDescriptor> element must include at least one child element, either an <md:EntityDescriptor> element or an <md:EntitiesDescriptor> element. |
Note | ||
---|---|---|
| ||
An <md:EntityDescriptor> element that contains an <md:AffiliationDescriptor> child element is treated in the same way as an <md:EntityDescriptor> element that contains no role descriptors. That is, if removeRolelessEntityDescriptors is true, both are filtered from the input. |
Child Elements
Name | Cardinality | Description |
---|---|---|
| 0 or more | The textual content is the XML QName of the role to be retained. Note that property replacement cannot be used on this element. |
Warning | ||
---|---|---|
| ||
If you forget to configure a <RetainedRole> child element, the filter will retain no roles; that is, an empty <MetadataFilter> element of type EntityRoleWhiteList will remove all roles (and therefore all entities) from the input. This is probably not what you want to do. |
Examples
The following example retains all <md:SPSSODescriptor>
elements in the input:
...
If a particular entity descriptor in the input contains no <md:SPSSODescriptor>
child element, all role descriptors are removed from the entity. If the value of the removeRolelessEntityDescriptors
attribute is true (which it is by default), the entity itself is removed as well.
...
In the unlikely event that no entity descriptor contains an <md:SPSSODescriptor>
child element, then all entities are removed. If the value of the removeEmptyEntitiesDescriptors
attribute is true (which it is by default), the parent any <md:EntitiesDescriptor>
element is removed as well. In other words, the entire metadata aggregate is filtered in this (extreme) case.
...
title | Don't forget to configure a child element |
---|
that contains no child element, neither an <md:EntityDescriptor>
element nor an <md:EntitiesDescriptor>
element, is removed as well.