Refresh InCommon metadata

Contributed by: Mike Grady, University of Illinois at Urbana-Champaign

The following example demonstrates fetching InCommon Federation metadata from a URL, storing a backup copy locally, and ensuring that the metadata is properly signed and has a reasonable validity period. Only the IDPSSODescriptor and AttributeAuthorityDescriptor roles are consumed.

        <!-- Example of remotely supplied batch of signed metadata. -->
        <MetadataProvider type="XML" url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
                 backingFilePath="incommon-metadata.xml" reloadInterval="14400">
               <!-- Require validUntil of no more than 14 days -->
               <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
               <!-- Verify the signature on the metadata file -->
               <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>
               <!-- Consume all IdP metadata in the aggregate -->
               <MetadataFilter type="EntityRoleWhiteList">
                 <RetainedRole>md:IDPSSODescriptor</RetainedRole>
                 <RetainedRole>md:AttributeAuthorityDescriptor</RetainedRole>
               </MetadataFilter>
        </MetadataProvider>
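
The following Python sketch is an added example, not Shibboleth's code or part of the original contribution. It approximates what the RequireValidUntil and EntityRoleWhiteList filters above enforce, run against a constructed, flat sample aggregate. It assumes entities left with no retained role are dropped, also rejects already-expired metadata, and does not verify the signature.

```python
import datetime as dt
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ROLES = {f"{{{MD}}}{n}" for n in ("RoleDescriptor", "IDPSSODescriptor", "SPSSODescriptor",
         "AuthnAuthorityDescriptor", "AttributeAuthorityDescriptor", "PDPDescriptor")}
RETAINED = {f"{{{MD}}}IDPSSODescriptor", f"{{{MD}}}AttributeAuthorityDescriptor"}
MAX_VALIDITY = 1209600  # seconds (14 days), matching maxValidityInterval above

# Constructed sample aggregate; the entity IDs are placeholders.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" validUntil="2024-01-10T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def check_valid_until(root, now, max_validity=MAX_VALIDITY):
    """Reject metadata with no validUntil, an expired one, or one too far ahead."""
    raw = root.get("validUntil")
    if raw is None:
        raise ValueError("validUntil missing")
    until = dt.datetime.fromisoformat(raw.replace("Z", "+00:00"))
    remaining = (until - now).total_seconds()
    if remaining <= 0:
        raise ValueError("metadata expired")
    if remaining > max_validity:
        raise ValueError("validity interval exceeds maximum")
    return remaining


def retain_roles(root, retained=RETAINED):
    """Strip role descriptors not in `retained`, then entities left with no role."""
    for entity in list(root.findall(f"{{{MD}}}EntityDescriptor")):
        for child in list(entity):
            if child.tag in ROLES and child.tag not in retained:
                entity.remove(child)
        if not any(child.tag in retained for child in entity):
            root.remove(entity)
    return [e.get("entityID") for e in root.findall(f"{{{MD}}}EntityDescriptor")]
```
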