Namespace:urn:mace:shibboleth:2.0:metadata
Schema:http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
Table of Contents |
---|
Overview
...
To use the EntityAttributes
filter, sequences of <saml:Attribute>
elements are supplied as filter content. When a child element such as <Entity>
or <ConditionRef>
or <ConditionScript>
evaluates to true, the SAML attributes are applied to the corresponding entities as entity attributes. The software automatically adds or removes the parent <mdattr:EntityAttributes>
extension element as needed.
Note |
---|
Filter order is important! This filter changes the content of the metadata and so a filter of type |
Tip |
---|
Position the EntityAttributes filter for efficiency Deliberately position an |
...
SAML Attribute elements typically must be embedded in the configuration of the filter. The examples in this topic illustrate the most advisable approach.
Reference
XML Elements
The first two are optional, mutually exclusive, and must appear first:
Name | Description |
---|---|
<AttributeFilterRef> | Optional Bean ID of type Predicate |
The content of this element is an inline or local script resource that implements Predicate |
Then, any of the following can be supplied in any order:
...
Add entity attributes to metadata
The following example adds the entity attribute "https://sp.example.org/tagname1" to entity "https://sp1.example.org", and both "https://sp.example.org/tagname1" and "https://sp.example.org/tagname2" to entity "https://sp2.example.org"
...
Expand | |||||
---|---|---|---|---|---|
| |||||
|
Note |
---|
Protect your metadata-driven configuration An IdP that configures itself on-the-fly using entity attributes should include the previous filter in the overall sequence of filters. The previous filter should appear before any entity attributes are added by subsequent filters. On the other hand, if the metadata source is completely trustworthy (e.g., a local metadata source), the previous filter is not necessary. See the MetadataDrivenConfiguration topic for more info. |
...