Versions Compared

Old Version 13

changes.mady.by.user trscavo@ncsa.illinois.edu

Saved on

compared with

New Version Current

changes.mady.by.user trscavo@ncsa.illinois.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note
titleFilter order is important!

This filter changes the content of the metadata and so a filter of type EntityRoleWhiteList should appear after any SignatureValidationFilter in the overall sequence of filters.

...

Schema

The <MetadataFilter> element and the type EntityRoleWhiteList are defined by the urn:mace:shibboleth:2.0:metadata schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.

...

Attributes

NameTypeDefaultDescription

removeRolelessEntityDescriptors

booleantrue

Controls whether to keep entity descriptors that contain no roles. Note: If this attribute is set to false, the resulting output may not be schema-valid since an <md:EntityDescriptor> element must include at least one role descriptor.

removeEmptyEntitiesDescriptors

booleantrueControls whether to keep entities descriptors that contain no entity descriptors. Note: If this attribute is set to false, the resulting output may not be schema-valid since an <md:EntitiesDescriptor> element must include at least one child element, either an <md:EntityDescriptor> element or an <md:EntitiesDescriptor> element.
Warning
titleAffiliation descriptors are removed by default
An <md:EntityDescriptor> element that contains an <md:AffiliationDescriptor> child element is handled the same way as an <md:EntityDescriptor> element that contains no role descriptors. That is, if removeRolelessEntityDescriptors is true, both are filtered from the input.

Child Elements

NameCardinalityDescription

<RetainedRole>

0 or more

The textual content is the XML QName of the role to be retained.

Note that property replacement cannot be used on this element.

...