The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

A filter of type ByReference is a new syntax aid that allows other MetadataFilterConfiguration to be defined outside of <MetadataProvider> elements and reference named providers "out of band", separating the declaration of general metadata source details from deployer-specific filtering rues.

There is nothing functionally different about using this approach; it's purely a configuration style issue.

Overview

The ByReference syntax relies on a set of child elements named <MetadataFilters> that contain a providerRef XML attribute identifying the <MetadataProvider> to apply a set of filters to, and then the filters to apply are declared within, in the normal way.

Filter order is important!

This filter may or may not change the content of the metadata and so its use needs to be carefully coordinated with any inline filters. Out of band filters will run after any inline filters.

Schemas

The <MetadataFilter> element and the type ByReference are defined by the urn:mace:shibboleth:2.0:metadata namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd

Reference

Attributes

None.

Child Elements

Any of the following can be supplied in any order:

NameDescription

<MetadataFilters>

Each out of band declaration consists of a required XML attribute named providerRef and a sequence of zero or more <MetadataFilter> elements of any of the normal types supported.

Example

The examples shows a typical usage pattern via a separate Spring resource loaded into the metadata resolver service by adding it to the resource set in conf/services.xml (e.g., perhaps in a file named conf/metadata-filters.xml)

<?xml version="1.0" encoding="UTF-8"?>
<MetadataFilter xsi:type="ByReference"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:security="urn:mace:shibboleth:2.0:security"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
    xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:enc11="http://www.w3.org/2009/xmlenc11#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
                        urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
                        urn:oasis:names:tc:SAML:metadata:algsupport http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd
                        http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
                        http://www.w3.org/2009/xmldsig11# http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/xmldsig11-schema.xsd
                        http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
                        http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">

    <MetadataFilters providerRef="InCommonMD">
        <MetadataFilter xsi:type="EntityAttributes">
            <saml:Attribute Name="http://shibboleth.net/ns/attributes/releaseAllValues">
                <saml:AttributeValue>eduPersonPrincipalName</saml:AttributeValue>
            </saml:Attribute>
            <Entity>https://wiki.shibboleth.net/shibboleth</Entity>
        </MetadataFilter>
    </MetadataFilters>

</MetadataFilter>



  • No labels