Overview
Identified by type="XML", this MetadataProvider batch loads metadata from a single source. Remote metadata is almost always intended to be signed and should expire regularly in accordance with the TrustManagement model of the software, and use of the SignatureMetadataFilter and RequireValidUntilMetadataFilter is generally assumed.
...
The type="XML" attribute must be present.
It supports all of the attributes common to all reloadable configuration resources:
In addition, the following attributes specific to this plugin type are supported:
Name | Type | Default | Description |
---|---|---|---|
| boolean | true | When true, a JSON feed of IdP information will be produced and cached in memory for use by the DiscoveryFeed handler. Can be disabled to save processing and memory. |
| time in seconds | 600 | Determines the minimum refresh interval when polling a remote resource for changes |
| decimal between 0 and 1, non-inclusive | 0.75 | Factor applied to the metadata's own validity or caching period to determine the reload interval to use. Once applied, the result is bounded by the |
| boolean | true | When true, the underlying XML DOM structure is dropped after processing a new metadata instance. Set to false to maintain the DOM in memory if there are supplemental options being used that operate more efficiently with the DOM maintained. |
| boolean | false | When true, adds |
Child Elements
In addition, the following element specific to this plugin type is supported:
Name | Cardinality | Description |
---|---|---|
| 0 or more | Specifies an inclusion or exclusion filter to apply to the entities in the metadata for purposes of the JSON discovery feed. Any entities excluded are still included in all other uses of the metadata. |
Examples
Locally-Stored Metadata File
```xml
<MetadataProvider type="XML" path="/path/to/the/metadata.xml"/>
```
Remote Metadata Source
```xml
<MetadataProvider type="XML" url="http://metadata.example.com/md/TheMetadata.xml"
                  backingFilePath="Metadata.xml.bck">
    <MetadataFilter type="Signature" certificate="metadata-signing-key.pem"/>
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="8640000"/>
    <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true"
                     attributeName="http://macedir.org/entity-category"
                     attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                     attributeValue="http://refeds.org/category/hide-from-discovery" />
</MetadataProvider>
```
...
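The following is an added example, not part of the original documentation or the project's own code: a Python check that scans a configuration for remote type="XML" MetadataProviders lacking the Signature or RequireValidUntil filters that the overview says are generally assumed. The sample configuration, its `SPConfig` wrapper, hosts and file names are constructed, and the check assumes filters appear as direct `MetadataFilter` children of each provider.

```python
import xml.etree.ElementTree as ET

REQUIRED_FILTERS = ("Signature", "RequireValidUntil")  # filter types named on the page

def local(tag):
    """Strip any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_metadata_providers(config_xml):
    """Return (url, missing_filter_types) for each remote XML provider that
    lacks one of the filters the page says are generally assumed."""
    findings = []
    root = ET.fromstring(config_xml)
    for el in root.iter():
        if local(el.tag) != "MetadataProvider" or el.get("type") != "XML":
            continue
        url = el.get("url")
        if url is None:  # local path= sources are not checked here
            continue
        # Assumption: only direct child MetadataFilter elements are considered.
        present = {c.get("type") for c in el if local(c.tag) == "MetadataFilter"}
        missing = [f for f in REQUIRED_FILTERS if f not in present]
        if missing:
            findings.append((url, missing))
    return findings

# Constructed sample configuration (hypothetical hosts and file names).
SAMPLE = """
<SPConfig>
  <MetadataProvider type="XML" path="/path/to/the/metadata.xml"/>
  <MetadataProvider type="XML" url="http://metadata.example.com/md/TheMetadata.xml"
                    backingFilePath="Metadata.xml.bck">
    <MetadataFilter type="Signature" certificate="metadata-signing-key.pem"/>
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="8640000"/>
  </MetadataProvider>
  <MetadataProvider type="XML" url="http://metadata.example.org/unsigned.xml"
                    backingFilePath="unsigned.xml.bck">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="8640000"/>
  </MetadataProvider>
  <MetadataProvider type="XML" url="http://metadata.example.net/bare.xml"/>
</SPConfig>
"""

if __name__ == "__main__":
    for url, missing in audit_metadata_providers(SAMPLE):
        print(f"{url}: missing MetadataFilter type(s) {', '.join(missing)}")
```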