Versions Compared

Old Version 8

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Namespace:urn:mace:shibboleth:2.0:metadata
Schema:http://shibboleth.net/schema/idp/shibboleth-metadata.xsd

Table of Contents
minLevel1
maxLevel2

Overview

A filter of type ByReference is a new syntax aid that allows MetadataFilterConfiguration to be defined outside of <MetadataProvider> elements and reference named providers "out of band", separating the declaration of general metadata source details from deployer-specific filtering rues.

...

The ByReference syntax relies on a set of child elements named <MetadataFilters> that contain a providerRef XML attribute identifying the the <MetadataProvider> to > to apply a set of filters to, and then the filters to apply are declared within, in the normal way.

...

Name

Description

<MetadataFilters>

Each out of band declaration consists of a required XML attribute named providerRef and a sequence of zero or more <MetadataFilter> <MetadataFilter> elements of any of the normal types supported. V4.2+ allows providerRef to contain a space-delimited list of IDs of providers to apply the filter(s) to.

Example

The examples shows a typical usage pattern via a separate Spring resource loaded into the metadata resolver service by adding it to the resource set in conf/services.xml (e.g., perhaps in a file named conf/metadata-filters.xml)

Expand
Code Block
languagexml
<?xml version="1.0" encoding="UTF-8"?>
<MetadataFilter xsi:type="ByReference"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:security="urn:mace:shibboleth:2.0:security"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
    xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:enc11="http://www.w3.org/2009/xmlenc11#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
        
               urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
       
                urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
      
                 urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
     
                  urn:oasis:names:tc:SAML:metadata:algsupport http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd
    
                   http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
   
                    http://www.w3.org/2009/xmldsig11# http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/xmldsig11-schema.xsd
  
                     http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
         
              http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">

    <MetadataFilters providerRef="InCommonMD">
        <MetadataFilter xsi:type="EntityAttributes">
            <saml:Attribute Name="http://shibboleth.net/ns/attributes/releaseAllValues">
                <saml:AttributeValue>eduPersonPrincipalName</saml:AttributeValue>
            </saml:Attribute>
            <Entity>https://sp.example.org/shibboleth</Entity>
        </MetadataFilter>
    </MetadataFilters>

</MetadataFilter>

...