...
...
Refresh InCommon metadata
...
Contributed by: Mike Grady, University of Illinois at Urbana-Champaign
The following example demonstrates fetching InCommon Federation metadata from a URL, storing a backup copy locally, and ensuring that the metadata is properly signed and has a reasonable validity period. Only the IDPSSODescriptor and AttributeAuthorityDescriptor roles are consumed.
```xml
<!-- Example of remotely supplied batch of signed metadata. -->
<MetadataProvider type="XML" url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
                  backingFilePath="incommon-metadata.xml" reloadInterval="14400">
    <!-- Require validUntil of no more than 14 days -->
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
    <!-- Verify the signature on the metadata file -->
    <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>
    <!-- Consume all IdP metadata in the aggregate -->
    <MetadataFilter type="EntityRoleWhiteList">
        <RetainedRole>md:IDPSSODescriptor</RetainedRole>
        <RetainedRole>md:AttributeAuthorityDescriptor</RetainedRole>
    </MetadataFilter>
</MetadataProvider>
```
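To make the validity-period and role filters concrete, the following Python sketch applies the same two checks to a small constructed aggregate. It is an added illustration, not Shibboleth code or part of the original contribution; the function names and sample entityIDs are hypothetical, the signature check is not reproduced, and dropping entities left with no retained role is a choice made in this sketch.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ROLES = {MD + n for n in ("IDPSSODescriptor", "SPSSODescriptor", "AuthnAuthorityDescriptor",
                          "AttributeAuthorityDescriptor", "PDPDescriptor", "RoleDescriptor")}
RETAINED = {MD + "IDPSSODescriptor", MD + "AttributeAuthorityDescriptor"}

# Constructed sample aggregate (not real InCommon data); entityIDs are made up.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2024-01-10T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor/><md:AttributeAuthorityDescriptor/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://both.example.org/entity">
    <md:IDPSSODescriptor/><md:SPSSODescriptor/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def check_valid_until(root, now, max_interval=1209600):
    """Reject a batch with no validUntil, an expired one, or one valid for too long."""
    raw = root.get("validUntil")
    if raw is None:
        raise ValueError("no validUntil on the metadata root")
    # Assumes the whole-second UTC form, e.g. 2024-01-10T00:00:00Z.
    until = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if until <= now:
        raise ValueError("metadata has expired")
    if until - now > timedelta(seconds=max_interval):
        raise ValueError("validUntil is more than max_interval seconds away")
    return until

def retain_roles(root, retained=RETAINED):
    """Strip role descriptors outside `retained`; drop entities left with none."""
    for entity in root.findall(MD + "EntityDescriptor"):  # flat aggregate assumed
        for child in list(entity):
            if child.tag in ROLES and child.tag not in retained:
                entity.remove(child)
        if not any(c.tag in retained for c in entity):
            root.remove(entity)
    return [e.get("entityID") for e in root.findall(MD + "EntityDescriptor")]

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    print(check_valid_until(root, datetime(2024, 1, 1, tzinfo=timezone.utc)))
    print(retain_roles(root))
```

Both checks are only meaningful on metadata whose signature has already been verified, since `validUntil` and the role elements are otherwise under the control of whoever supplied the file.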