Namespace:urn:mace:shibboleth:2.0:metadata
Schema:http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
Table of Contents | ||||
---|---|---|---|---|
|
Overview
...
...
The
...
title | V4.1+ |
---|
EntityRole
filter removes unwanted role descriptors from entity metadata. Depending on the size and composition of the input, metadata filtered in this way may have a significantly reduced memory footprint.
For example, suppose an IdP loads (and reloads) metadata from a remote HTTP source using a FileBackedHTTPMetadataProvider. Since the IdP is focused on the <md:SPSSODescriptor>
elements in the metadata aggregate, all other role descriptors may be removed. See below for an explicit example.
...
The following example retains all <md:SPSSODescriptor>
elements in the input:
Expand | |||||
---|---|---|---|---|---|
| |||||
Retain SP roles unsafe-only
|
...
Retain SP roles unsafe-only
Code Block | ||
---|---|---|
| ||
<MetadataFilter xsi:type="EntityRole" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter> |
If a particular entity in the input contains no <md:SPSSODescriptor>
child element, all role descriptors are removed from the entity. If the value of the removeRolelessEntityDescriptors
attribute is true (which it is by default), the entity itself is removed as well.
...