Namespace: urn:mace:shibboleth:2.0:metadata
Schema: http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
Table of Contents
Overview
The root <md:EntitiesDescriptor>
element of a remotely obtained metadata file should be decorated with a validUntil
XML attribute. Before the metadata is loaded, the expiration date is checked. If the validUntil
attribute indicates the metadata is expired, the metadata is discarded.
The validity check described in the previous paragraph is always performed, regardless of the filters applied to the metadata. In addition to this basic validity check, the RequiredValidUntil
filter is used to detect metadata that never expires or has too long a validity period, both of which undermine the usual trust model supported by Shibboleth, and the only one actually standardized in SAML.
...
Note | ||
---|---|---|
| ||
In practice, a |
Reference
...
...
XML Attributes
Name | Type | Default | Description | ||
---|---|---|---|---|---|
| Duration | PT14D
| Defines the window within which the metadata is valid. A value of zero is a no-op and should be avoided |
...
. |
Example
Code Block | ||||
---|---|---|---|---|
| ||||
<!-- Require a validUntil XML attribute on the EntitiesDescriptor element and make sure its value is no more than 14 days into the future. --> <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D"/> |
...