Namespace: urn:mace:shibboleth:2.0:metadata
Schema: http://shibboleth.net/schema/idp/shibboleth-metadata.xsd

Overview

A filter of type ByReference is a new syntax aid that allows MetadataFilterConfiguration to be defined outside of <MetadataProvider> elements and to reference named providers "out of band", separating the declaration of general metadata source details from deployer-specific filtering rules.

...

The ByReference syntax relies on a set of child elements named <MetadataFilters>. Each one carries a providerRef XML attribute identifying the <MetadataProvider> to apply a set of filters to, and the filters to apply are declared within it in the normal way.

Note

Filter order is important!

This filter may or may not change the content of the metadata and so its use needs to be carefully coordinated with any inline filters. Out of band filters will run after any inline filters.

Reference

...

...

XML Elements

| Name | Description |
| --- | --- |
| <MetadataFilters> | Each out of band declaration consists of a required XML attribute named providerRef and a sequence of zero or more <MetadataFilter> elements of any of the normal types supported. V4.2+ allows providerRef to contain a space-delimited list of IDs of providers to apply the filter(s) to. |

Example

The example shows a typical usage pattern via a separate Spring resource loaded into the metadata resolver service by adding it to the resource set in conf/services.xml (e.g., perhaps in a file named conf/metadata-filters.xml).

<?xml version="1.0" encoding="UTF-8"?>
<MetadataFilter xsi:type="ByReference"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:security="urn:mace:shibboleth:2.0:security"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
    xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:enc11="http://www.w3.org/2009/xmlenc11#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
                        urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
                        urn:oasis:names:tc:SAML:metadata:algsupport http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd
                        http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
                        http://www.w3.org/2009/xmldsig11# http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/xmldsig11-schema.xsd
                        http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
                        http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">

    <MetadataFilters providerRef="InCommonMD">
        <MetadataFilter xsi:type="EntityAttributes">
            <saml:Attribute Name="http://shibboleth.net/ns/attributes/releaseAllValues">
                <saml:AttributeValue>eduPersonPrincipalName</saml:AttributeValue>
            </saml:Attribute>
            <Entity>https://sp.example.org/shibboleth</Entity>
        </MetadataFilter>
    </MetadataFilters>

</MetadataFilter>
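
Because out of band filters run after any inline filters and are bound to providers only by ID, it helps to review the resulting filter order per provider and to catch providerRef values that match no declared provider. The following Python check is an added example, not part of the Shibboleth documentation or software; the sample XML is constructed, the provider IDs other than InCommonMD and the function names are assumptions, and filter bodies are trimmed to their xsi:type.

```python
import xml.etree.ElementTree as ET

NS = "{urn:mace:shibboleth:2.0:metadata}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
HDR = ('xmlns="urn:mace:shibboleth:2.0:metadata" '
       'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"')

# Constructed sample: provider declarations, one of them with an inline filter.
PROVIDERS = f"""<MetadataProvider id="Chain" xsi:type="ChainingMetadataProvider" {HDR}>
  <MetadataProvider id="InCommonMD" xsi:type="FileBackedHTTPMetadataProvider">
    <MetadataFilter xsi:type="SignatureValidation"/>
  </MetadataProvider>
  <MetadataProvider id="LocalMD" xsi:type="FilesystemMetadataProvider"/>
</MetadataProvider>"""

# Constructed sample: a V4.2+ space-delimited providerRef and one misspelled ID.
FILTERS = f"""<MetadataFilter xsi:type="ByReference" {HDR}>
  <MetadataFilters providerRef="InCommonMD LocalMD">
    <MetadataFilter xsi:type="EntityAttributes"/>
  </MetadataFilters>
  <MetadataFilters providerRef="InComonMD">
    <MetadataFilter xsi:type="RequiredValidUntil"/>
  </MetadataFilters>
</MetadataFilter>"""

def filter_types(parent):
    """xsi:type of each <MetadataFilter> that is a direct child of parent."""
    return [f.get(XSI_TYPE) for f in parent.findall(NS + "MetadataFilter")]

def effective_filters(providers_xml, filters_xml):
    """Return ({provider id: ordered filter types}, [providerRef IDs with no provider])."""
    # Inline filters come first in each provider's list.
    order = {p.get("id"): filter_types(p)
             for p in ET.fromstring(providers_xml).iter(NS + "MetadataProvider")}
    unknown = []
    for group in ET.fromstring(filters_xml).findall(NS + "MetadataFilters"):
        for ref in group.get("providerRef", "").split():
            if ref in order:
                order[ref] += filter_types(group)  # out of band filters run after
            else:
                unknown.append(ref)
    return order, unknown

if __name__ == "__main__":
    order, unknown = effective_filters(PROVIDERS, FILTERS)
    for provider_id, types in order.items():
        print(provider_id, "->", types or "no filters")
    print("providerRef with no matching provider:", unknown)
```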