Comment: Migrated to Confluence 5.3

...

  • id - provides a unique, amongst metadata providers, identifier that may be used to reference the provider
Example Chaining Metadata Provider Configuration (XML):
<!-- RelyingParty elements above this point -->
<MetadataProvider xsi:type="ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" 
                  id="MyMetadata">

    <MetadataProvider xsi:type="FilesystemMetadataProvider"
                      id="InternalMetadata" 
                      metadataFile="/path/to/my/metadata-internal.xml" />

    <MetadataProvider xsi:type="FileBackedHTTPMetadataProvider"
                      id="External Metadata"
                      metadataURL="http://example.org/metadata.xml"
                      backingFile="/tmp/idp-metadata.xml" />

</MetadataProvider>

...

Note

Setting the min and max refresh delay to the same value is a nonsensical configuration. Don't do it.

Example Filesystem Metadata Provider Configuration (XML):
<!-- RelyingParty elements above this point -->
<MetadataProvider xsi:type="FilesystemMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
                  id="MyMetadata"
                  metadataFile="/path/to/my/metadata.xml" />

...

Note

Setting the min and max refresh delay to the same value is a nonsensical configuration. Don't do it.

Example File Backed HTTP Metadata Provider Configuration (XML):
<!-- RelyingParty elements above this point -->
<!-- Metadata pulled from a remote URL is only as trustworthy as its signature: pair this
     provider with a SignatureValidation filter that sets requireSignedMetadata="true".
     Keep the backing file in a directory only the IdP can write to rather than /tmp. -->
<MetadataProvider xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
                  id="MyMetadata"
                  metadataURL="http://example.org/metadata.xml"
                  backingFile="/tmp/idp-metadata.xml" />

...

Note

Setting the min and max refresh delay to the same value is a nonsensical configuration. Don't do it.

Example HTTP Metadata Provider Configuration (XML):
<!-- RelyingParty elements above this point -->
<MetadataProvider xsi:type="HTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
                  id="MyMetadata"
                  metadataURL="http://example.org/metadata.xml" />
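The script below is an added example, not code from the Shibboleth project or from the original page. It parses <MetadataProvider> fragments like the file-backed HTTP and HTTP examples above and reports the settings a reviewer would query: a metadataURL with no attached SignatureValidation filter that sets requireSignedMetadata="true" (TLS authenticates the web server, not the metadata publisher, so the check applies to https:// as well), a backingFile under /tmp, and a minRefreshDelay equal to maxRefreshDelay, the configuration the note above warns against. The attribute names minRefreshDelay and maxRefreshDelay are taken from the IdP 2.x provider schema; the two sample fragments are constructed here, and the backing-file path /opt/shibboleth-idp/metadata/ is an assumption.

```python
"""Lint a Shibboleth IdP 2.x <MetadataProvider> fragment for weak settings.
Added example, not Shibboleth project code.

Findings are (provider id, code):
  REMOTE_UNSIGNED     metadataURL is set but no SignatureValidation filter with
                      requireSignedMetadata="true" is attached to the provider
  TMP_BACKING_FILE    backingFile is under /tmp (assumed world-writable and
                      subject to periodic cleanup)
  MIN_EQ_MAX_REFRESH  minRefreshDelay equals maxRefreshDelay
"""
import xml.etree.ElementTree as ET

MD_NS = "urn:mace:shibboleth:2.0:metadata"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"


def md(local_name):
    return "{%s}%s" % (MD_NS, local_name)


def xsi_local_type(el):
    """xsi:type holds a QName such as 'FileBackedHTTPMetadataProvider';
    return its local part whatever prefix (if any) is used."""
    return el.get(XSI_TYPE, "").split(":", 1)[-1]


def own_filters(provider):
    """MetadataFilter elements attached to this provider, descending into a
    ChainingFilter but not into nested MetadataProvider elements (assumption:
    filters of an enclosing chain are not credited to the child)."""
    stack = [c for c in provider if c.tag != md("MetadataProvider")]
    while stack:
        el = stack.pop()
        if el.tag == md("MetadataFilter"):
            yield el
        stack.extend(el)


def lint_provider(provider, findings):
    pid = provider.get("id", "?")
    if provider.get("metadataURL"):
        verified = any(
            xsi_local_type(f) == "SignatureValidation"
            and f.get("requireSignedMetadata", "false").lower() == "true"
            for f in own_filters(provider))
        if not verified:
            findings.append((pid, "REMOTE_UNSIGNED"))
    if provider.get("backingFile", "").startswith("/tmp/"):
        findings.append((pid, "TMP_BACKING_FILE"))
    lo, hi = provider.get("minRefreshDelay"), provider.get("maxRefreshDelay")
    if lo is not None and lo == hi:   # literal comparison of the ISO 8601 duration strings
        findings.append((pid, "MIN_EQ_MAX_REFRESH"))
    for child in provider.findall(md("MetadataProvider")):   # ChainingMetadataProvider members
        lint_provider(child, findings)


def lint(xml_text):
    """Return the list of (provider id, finding code) for one configuration fragment."""
    findings = []
    lint_provider(ET.fromstring(xml_text), findings)
    return findings


# Constructed samples. Unlike the page's fragments they declare xmlns:xsi
# themselves so that they parse stand-alone.
WEAK = """<MetadataProvider xsi:type="FileBackedHTTPMetadataProvider"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="MyMetadata" metadataURL="http://example.org/metadata.xml"
    backingFile="/tmp/idp-metadata.xml"
    minRefreshDelay="PT1H" maxRefreshDelay="PT1H" />"""

HARDENED = """<MetadataProvider xsi:type="FileBackedHTTPMetadataProvider"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="MyMetadata" metadataURL="https://example.org/metadata.xml"
    backingFile="/opt/shibboleth-idp/metadata/example-org.xml">
  <MetadataFilter xsi:type="ChainingFilter">
    <MetadataFilter xsi:type="SignatureValidation"
        trustEngineRef="shibboleth.MetadataTrustEngine"
        requireSignedMetadata="true" />
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="604800" />
  </MetadataFilter>
</MetadataProvider>"""

if __name__ == "__main__":
    print("weak:", lint(WEAK))
    print("hardened:", lint(HARDENED))
```

Run it against a fragment cut from relying-party.xml (the root must declare xmlns:xsi, or be wrapped in an element that does); the hardened sample shows the shape that produces no findings.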

...

The content of the <MetadataProvider> element is then either a SAML 2 metadata <EntitiesDescriptor> or <EntityDescriptor> element.

Example Inline Metadata Provider Configuration (XML):
<!-- RelyingParty elements above this point -->
<MetadataProvider xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
                  id="MyInlineMetadata">

   <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
      <!-- Rest of SAML 2 metadata -->
   </EntitiesDescriptor>

</MetadataProvider>

...

The content of the chaining <MetadataFilter> element is one or more child <MetadataFilter> elements, which are applied in the order they appear.

Example Chaining Metadata Filter (XML):
<MetadataFilter xsi:type="ChainingFilter" xmlns="urn:mace:shibboleth:2.0:metadata">

    <!-- trustEngineRef must match the id of a TrustEngine defined in relying-party.xml -->
    <MetadataFilter xsi:type="SignatureValidation" trustEngineRef="shibboleth.MetadataTrustEngine" />
    <!-- RetainedRole holds a QName, so the samlmd prefix must be bound here or on the document root -->
    <MetadataFilter xsi:type="EntityRoleWhiteList" xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata">
        <RetainedRole>samlmd:SPSSODescriptor</RetainedRole>
    </MetadataFilter>

</MetadataFilter>

...

This filter is defined by the element <MetadataFilter xsi:type="SchemaValidation" xmlns="urn:mace:shibboleth:2.0:metadata">. It may contain any number of <ExtensionSchema> elements whose content is the classpath location for additional XML Schema files to use during validation.

Example Schema Validation Filter (XML):
<MetadataFilter xsi:type="SchemaValidation" xmlns="urn:mace:shibboleth:2.0:metadata">
   <ExtensionSchema>/schema/foo.xsd</ExtensionSchema>
</MetadataFilter>

...

  • maxValidityInterval - the interval, in seconds, from now within which the validUntil date must fall. A value of zero indicates no upper limit. Default value: 0
Example Required validUntil Filter (XML):
<!-- 604800 seconds = 7 days: reject metadata whose validUntil lies further out than that -->
<MetadataFilter xsi:type="RequiredValidUntil" xmlns="urn:mace:shibboleth:2.0:metadata" 
                maxValidityInterval="604800" />

...

  • requireSignedMetadata - a boolean flag; when true, metadata that carries no signature is rejected instead of being passed through unchecked, so set it for any metadata fetched from a remote URL (default value: false)
Example Signature Validation Filter (XML):
<MetadataFilter xsi:type="SignatureValidation" xmlns="urn:mace:shibboleth:2.0:metadata"
                trustEngineRef="shibboleth.MetadataTrustEngine"
                requireSignedMetadata="true" />

...

Regardless of the values of the two optional attributes, the root element of a metadata document is never removed, even if filtering leaves it effectively empty.

Example Entity Role WhiteList Filter (XML):
<!-- the samlmd prefix used in RetainedRole must be bound here or on the document root -->
<MetadataFilter xsi:type="EntityRoleWhiteList" xmlns="urn:mace:shibboleth:2.0:metadata"
                xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata">
    <RetainedRole>samlmd:SPSSODescriptor</RetainedRole>
</MetadataFilter>
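To make the filter semantics concrete, the following Python script is an added example (not Shibboleth code and not part of the original page) that re-implements three of the filters described above on a parsed SAML 2 metadata document: the chaining filter (applying the others in order), RequiredValidUntil (validUntil must be present and, with a non-zero maxValidityInterval, must fall within that many seconds of now) and EntityRoleWhiteList (strip roles not listed as RetainedRole, drop roleless entities and empty nested EntitiesDescriptor elements, never remove the root). The federation document it filters is constructed here, and the fixed clock NOW, the function names and the treatment of a RetainedRole value as a prefixed QName whose local part is compared are the example's own choices.

```python
"""RequiredValidUntil and EntityRoleWhiteList re-implemented over an
ElementTree-parsed SAML 2 metadata document. Added example, not Shibboleth code."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLMD = "urn:oasis:names:tc:SAML:2.0:metadata"
ROLE_ELEMENTS = {"IDPSSODescriptor", "SPSSODescriptor", "AttributeAuthorityDescriptor",
                 "AuthnAuthorityDescriptor", "PDPDescriptor", "RoleDescriptor"}
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)   # fixed clock so results are reproducible


def local(el):
    return el.tag.rsplit("}", 1)[-1]


def check_required_valid_until(root, max_validity_interval=0, now=NOW):
    """Raise ValueError where the RequiredValidUntil filter would reject the document."""
    raw = root.get("validUntil")
    if raw is None:
        raise ValueError("root element carries no validUntil attribute")
    valid_until = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    if max_validity_interval > 0 and valid_until > now + timedelta(seconds=max_validity_interval):
        raise ValueError("validUntil %s is more than %d s in the future" % (raw, max_validity_interval))
    return valid_until


def entity_role_whitelist(root, retained_roles, remove_roleless_entities=True,
                          remove_empty_entities_descriptors=True):
    """Filter in place and return the root, which is never removed even if left empty."""
    retained = {r.rsplit(":", 1)[-1] for r in retained_roles}   # 'samlmd:SPSSODescriptor' -> local name

    def filter_entity(entity):
        for child in list(entity):
            if local(child) in ROLE_ELEMENTS and local(child) not in retained:
                entity.remove(child)
        return any(local(c) in ROLE_ELEMENTS for c in entity)   # does any role survive?

    def filter_entities(group):
        for child in list(group):
            if local(child) == "EntityDescriptor":
                if not filter_entity(child) and remove_roleless_entities:
                    group.remove(child)
            elif local(child) == "EntitiesDescriptor":
                if not filter_entities(child) and remove_empty_entities_descriptors:
                    group.remove(child)
        return any(local(c) in ("EntityDescriptor", "EntitiesDescriptor") for c in group)

    if local(root) == "EntityDescriptor":
        filter_entity(root)
    else:
        filter_entities(root)
    return root


def filter_document(xml_text, retained_roles, max_validity_interval=0, now=NOW):
    """Apply the two filters in order, as a ChainingFilter would, and return the root."""
    root = ET.fromstring(xml_text)
    check_required_valid_until(root, max_validity_interval, now)
    return entity_role_whitelist(root, retained_roles)


def entity_ids(root):
    return [e.get("entityID") for e in root.iter("{%s}EntityDescriptor" % SAMLMD)]


# Constructed sample: an SP, an IdP, a dual-role entity and a nested group of IdPs.
SAMPLE = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    Name="example-federation" validUntil="2030-01-04T00:00:00Z">
  <EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://both.example.org/">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntitiesDescriptor Name="idps-only">
    <EntityDescriptor entityID="https://idp2.example.org/idp/shibboleth">
      <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </EntityDescriptor>
  </EntitiesDescriptor>
</EntitiesDescriptor>"""

if __name__ == "__main__":
    root = filter_document(SAMPLE, ["samlmd:SPSSODescriptor"], 604800)
    print(entity_ids(root))   # only the SP and the dual-role entity remain
```

With SPSSODescriptor as the only retained role, the IdP-only entity and the whole "idps-only" group disappear, the dual-role entity keeps just its SP role, and the root <EntitiesDescriptor> survives even when nothing is retained; the same document is rejected when maxValidityInterval is one day, since its validUntil is three days out.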

...