Overview

Identified by type="XML", this MetadataProvider batch-loads metadata from a single source. Remote metadata is almost always intended to be signed and should expire regularly in accordance with the TrustManagement model of the software; use of the SignatureMetadataFilter and RequireValidUntilMetadataFilter is generally assumed.

...

The type="XML" attribute must be present.

See: MetadataProviderCommonAttributes

It supports all of the attributes common to all reloadable configuration resources:

See: ReloadableConfigurationAttributes

In addition, the following attributes specific to this plugin type are supported:

| Name | Type | Default | Description |
|---|---|---|---|
| discoveryFeed | boolean | true | When true, a JSON feed of IdP information will be produced and cached in memory for use by the DiscoveryFeed handler. Can be disabled to save processing and memory. |
| minRefreshDelay | time in seconds | 600 | Determines the minimum refresh interval when polling a remote resource for changes. |
| refreshDelayFactor | decimal between 0 and 1, non-inclusive | 0.75 | Factor applied to the metadata's own validity or caching period to determine the reload interval to use. Once applied, the result is bounded by the minRefreshDelay and maxRefreshDelay settings to determine the time of the next attempt. If reload attempts fail, the interval will increase in linear fashion to limit failed attempts. |
| dropDOM | boolean | true | When true, the underlying XML DOM structure is dropped after processing a new metadata instance. Set to false to maintain the DOM in memory if there are supplemental options being used that operate more efficiently with the DOM maintained. |
| tagsInFeed | boolean | false | When true, adds <EntityAttribute> extension attribute values (simple-valued only) to the discovery feed. |

Child Elements

See: MetadataProviderChildElements

In addition, the following element specific to this plugin type is supported:

| Name | Cardinality | Description |
|---|---|---|
| <DiscoveryFilter> | 0 or more | Specifies an inclusion or exclusion filter to apply to the entities in the metadata for purposes of the JSON discovery feed. Any entities excluded are still included in all other uses of the metadata. |

See: ReloadableConfigurationElements

Examples

Locally-Stored Metadata File
```xml
<MetadataProvider type="XML" path="/path/to/the/metadata.xml"/>
```


Remote Metadata Source
```xml
<MetadataProvider type="XML" url="http://metadata.example.com/md/TheMetadata.xml" backingFilePath="Metadata.xml.bck">
    <MetadataFilter type="Signature" certificate="metadata-signing-key.pem"/>
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="8640000"/>
    <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true"
      attributeName="http://macedir.org/entity-category"
      attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      attributeValue="http://refeds.org/category/hide-from-discovery" />
</MetadataProvider>
```
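The overview assumes that remote metadata is checked with the Signature and RequireValidUntil filters. The following configuration audit is an added example, not part of the original page or of the software itself: it flags type="XML" providers that load from a `url` without those filters. The `<SPConfig>` wrapper, the second provider, and the names `audit_providers` and `local` are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one remote provider with both filters, one remote
# provider with none, and one local file (not held to the remote checks).
SAMPLE = """<SPConfig>
  <MetadataProvider type="XML" url="http://metadata.example.com/md/TheMetadata.xml"
                    backingFilePath="Metadata.xml.bck">
    <MetadataFilter type="Signature" certificate="metadata-signing-key.pem"/>
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="8640000"/>
  </MetadataProvider>
  <MetadataProvider type="XML" url="http://metadata.example.com/md/Other.xml"
                    backingFilePath="Other.xml.bck"/>
  <MetadataProvider type="XML" path="/path/to/the/metadata.xml"/>
</SPConfig>"""

REQUIRED_FILTERS = ("Signature", "RequireValidUntil")

def local(tag):
    """Strip any XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]

def audit_providers(xml_text):
    """Return a list of (source, [findings]) for each type="XML" provider."""
    report = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "MetadataProvider" or el.get("type") != "XML":
            continue
        url = el.get("url")
        source = url or el.get("path") or "(inline or unknown source)"
        findings = []
        if url:  # only remote sources are held to the signing/expiry assumption
            present = {c.get("type") for c in el if local(c.tag) == "MetadataFilter"}
            for name in REQUIRED_FILTERS:
                if name not in present:
                    findings.append("missing %s MetadataFilter" % name)
            if url.lower().startswith("http://") and "Signature" not in present:
                findings.append("plain HTTP fetch with no signature check")
        report.append((source, findings))
    return report

if __name__ == "__main__":
    for source, findings in audit_providers(SAMPLE):
        print(source, "->", findings or "ok")
```

The check only confirms that each filter is declared; it does not validate the signing certificate or the chosen maxValidityInterval.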

...