Namespace: urn:mace:shibboleth:2.0:metadata
Schema: http://shibboleth.net/schema/idp/shibboleth-metadata.xsd

Overview

...
XML Attributes

| Name | Type | Default | Description |
|---|---|---|---|
| requireSignedRoot | Boolean | true | If true, the filter fails to load metadata that has no signature on the root XML element. |
| alwaysVerifyTrustedSource | Boolean | false | If true, the root signature of the metadata currently being processed will always be verified. If false, the root signature will be verified unless the metadata source is "trusted", defined as: the backup file of a FileBackedHTTPMetadataProvider. |
| certificateFile | File pathname | | Path to a certificate file whose key is used to verify the signature. Conflicts with trustEngineRef and both allowable child elements. |
| trustEngineRef | Bean ID of a TrustEngine | | Bean ID of a <security:TrustEngine> defined somewhere else in the configuration. Conflicts with certificateFile and both allowable child elements. |
| defaultCriteriaRef | Bean ID of CriteriaSet | Internal bean | (ADVANCED, not generally needed) Bean ID of an externally defined CriteriaSet used as input to the trust engine. |
| signaturePrevalidatorRef | Bean ID of SignaturePrevalidator | SAMLSignatureProfileValidator | (ADVANCED, not generally needed) Bean ID of an externally defined SignaturePrevalidator. Used to perform pre-validation of an XML Signature, for example to validate that the signature conforms to a particular profile of XML Signature. |
| dynamicTrustedNamesStrategyRef | Bean ID (see desc) | BasicDynamicTrustedNamesStrategy | (ADVANCED, not generally needed) Bean ID of an externally defined Function<XMLObject, Set<String>>. This will be used to extract dynamic trusted names from signed metadata elements. |
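
The following is an added example, not part of the original page or the Shibboleth project's code: a small configuration check that applies the attribute rules above (the requireSignedRoot default and the certificateFile / trustEngineRef / child-element conflict). It assumes the filter is declared as a MetadataFilter element with xsi:type "SignatureValidation"; the sample XML, file path and bean ID are constructed placeholders.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample configuration; the path and bean ID are placeholders.
SAMPLE = """<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <MetadataFilter xsi:type="SignatureValidation" certificateFile="/path/to/signer.pem"/>
  <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="false"
      certificateFile="/path/to/signer.pem" trustEngineRef="example.TrustEngine"/>
  <MetadataFilter xsi:type="SignatureValidation" alwaysVerifyTrustedSource="true"/>
</MetadataProvider>"""


def lint_filter(el):
    """Return a list of findings for one SignatureValidation filter element."""
    findings = []
    # requireSignedRoot defaults to true, so only an explicit false disables it.
    if el.get("requireSignedRoot", "true").strip().lower() in ("false", "0"):
        findings.append("requireSignedRoot=false: unsigned metadata will load")
    # certificateFile, trustEngineRef and child elements are mutually exclusive.
    sources = [a for a in ("certificateFile", "trustEngineRef") if el.get(a)]
    if len(el) > 0:
        sources.append("child element")
    if len(sources) > 1:
        findings.append("conflicting trust sources: " + ", ".join(sources))
    if not sources:
        findings.append("no certificateFile, trustEngineRef or child element")
    return findings


def lint_config(xml_text):
    """Return one findings list per SignatureValidation filter, in document order."""
    root = ET.fromstring(xml_text)
    results = []
    for el in root.iter():
        # Accept both prefixed and unprefixed xsi:type values.
        if el.get(XSI_TYPE, "").split(":")[-1] == "SignatureValidation":
            results.append(lint_filter(el))
    return results


if __name__ == "__main__":
    for index, findings in enumerate(lint_config(SAMPLE), 1):
        print(index, findings or "ok")
```

Attribute values supplied through property placeholders are not resolved by this check and are treated as literal strings.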

...