Metadata can be filtered, after loading it and before use. Filters are specified as a series of <MetadataFilter>
elements, which are processed in the order in which they occur as children of the containing <MetadataProvider>
Filters are all defined by their xsi:type
attribute. All other attributes and child elements are specific to each filter. The filter types provided are:
- ChainingFilter
- Normally automatically applied whenever multiple filters appear, this wraps multiple filters into a chain, running each one in turn
- Normally automatically applied whenever multiple filters appear, this wraps multiple filters into a chain, running each one in turn
- RequiredValidUntil
- Important for secure processing of metadata containing keys, it enforces requirements for metadata to carry an expiration and limits the size of that window
- Important for secure processing of metadata containing keys, it enforces requirements for metadata to carry an expiration and limits the size of that window
- SchemaValidationFilter
- Performs XML validation of a metadata source
- Performs XML validation of a metadata source
- SignatureValidation
- The most common filter, checks the signature on a signed metadata source
- The most common filter, checks the signature on a signed metadata source
- EntityRoleWhiteList
- A memory-saving filter, it deletes unneeded role information from metadata
- A memory-saving filter, it deletes unneeded role information from metadata
- EntityAttributes
- A policy aid, this filter actually adds information, allowing "tags" to be attached to metadata for use in other parts of the system
- Predicate
- An extensible allow/deny filter, it can remove matching (or keep only matching) entities based on a set of built-in rules, or with an arbitrary condition
- NameIDFormat 3.3
- A policy aid, this filter adds information, allowing
<NameIDFormat>
elements to be attached to metadata for use in driving identifier format selection.
- A policy aid, this filter adds information, allowing