<MetadataProvider id="InCommonMD" xsi:type="FileBackedHTTPMetadataProvider"
metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
backingFile="%{idp.home}/metadata/InCommon-metadata.xml"
failFastInitialization="false">
<MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D" />
<MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
certificateFile="%{idp.home}/credentials/incommon.pem" />
<MetadataFilter xsi:type="EntityRoleWhiteListEntityRole">
<RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter>
<MetadataFilter xsi:type="EntityAttributes">
<saml:Attribute Name="http://shibboleth.net/ns/profiles/defaultAuthenticationMethods"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>http://example.org/ac/classes/mfa</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>false</saml:AttributeValue>
</saml:Attribute>
<Entity>https://sp.example.org/sp</Entity>
</MetadataFilter>
</MetadataProvider> |