Namespace: urn:mace:shibboleth:2.0:metadata
Schema: http://shibboleth.net/schema/idp/shibboleth-metadata.xsd

Overview

V4.0

The EntityRoleWhiteList filter removes unwanted role descriptors from entity metadata. Depending on the size and composition of the input, metadata filtered in this way may have a significantly reduced memory footprint.

V4.1+

The EntityRole filter removes unwanted role descriptors from entity metadata. Depending on the size and composition of the input, metadata filtered in this way may have a significantly reduced memory footprint.

For example, suppose an IdP loads (and reloads) metadata from a remote HTTP source using a FileBackedHTTPMetadataProvider. Since the IdP is focused on the <md:SPSSODescriptor> elements in the metadata aggregate, all other role descriptors may be removed. See below for an explicit example.

...

XML Elements

Name: <RetainedRole>
Cardinality: 0 or more
Description: The textual content is the XML QName of the role to be retained. Note that property replacement cannot be used on this element.

Warning: Don't forget to configure a child element

If you forget to configure a <RetainedRole> child element, the filter will retain no roles; that is, an empty <MetadataFilter> element of this type will remove all roles (and therefore all entities) from the input. This is probably not what you want.

Examples

The following example retains all <md:SPSSODescriptor> elements in the input:

V4.0
Retain SP roles unsafe-only
<MetadataFilter xsi:type="EntityRoleWhiteList" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter>

V4.1+
Retain SP roles unsafe-only
<MetadataFilter xsi:type="EntityRole" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter>
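
The warning above describes a silent failure: a role filter with no <RetainedRole> child empties the metadata. The following configuration check is an added example, not part of the Shibboleth documentation or code. It flags that case, along with <RetainedRole> values that use a property placeholder or an undeclared QName prefix. The function names, the sample configuration and the `%{` placeholder test are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
FILTER_TYPES = {"EntityRole", "EntityRoleWhiteList"}  # V4.1+ and V4.0 type names

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """<MetadataFilter xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Chaining">
  <MetadataFilter xsi:type="EntityRole" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <RetainedRole>md:SPSSODescriptor</RetainedRole>
  </MetadataFilter>
  <MetadataFilter xsi:type="EntityRole"/>
  <MetadataFilter xsi:type="EntityRoleWhiteList">
    <RetainedRole>%{idp.retained.role}</RetainedRole>
    <RetainedRole>md:SPSSODescriptor</RetainedRole>
  </MetadataFilter>
</MetadataFilter>"""

def local(name):
    """Strip a '{namespace}' or 'prefix:' qualifier from a name."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]

def lint_role_filters(xml_text):
    """Return (filter type, problem) pairs for risky role filters."""
    findings, scope = [], []  # scope: (prefix, uri) declarations currently in force
    events = ("start-ns", "end-ns", "end")
    for event, item in ET.iterparse(io.BytesIO(xml_text.encode()), events=events):
        if event == "start-ns":
            scope.append(item)
        elif event == "end-ns":
            scope.pop()
        elif (local(item.tag) == "MetadataFilter"
              and local(item.get(XSI_TYPE, "")) in FILTER_TYPES):
            ftype = local(item.get(XSI_TYPE))
            roles = [(c.text or "").strip() for c in item
                     if local(c.tag) == "RetainedRole"]
            if not roles:
                findings.append((ftype, "no <RetainedRole>: all roles and entities removed"))
            declared = {prefix for prefix, _ in scope}
            for role in roles:
                prefix = role.split(":", 1)[0] if ":" in role else ""
                if "%{" in role:  # property replacement is not applied to this element
                    findings.append((ftype, f"property placeholder: {role}"))
                elif prefix not in declared:
                    findings.append((ftype, f"undeclared QName prefix: {role}"))
    return findings
```

Running `lint_role_filters` over the deployed filter configuration before a reload catches the empty-filter case without waiting for every entity to disappear from the resolver.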

...