The following examples are simply that, examples. They do not illustrate all possible configuration properties or features.
Contributed by: Mike Grady, University of Illinois at Urbana-Champaign
The following example demonstrates loading the InCommon federation metadata from a URL, storing a backup copy locally, ensuring that the metadata is properly signed and has a reasonable validity period, and retaining only the IDPSSODescriptor and AttributeAuthorityDescriptor roles.
<!-- Example of a remotely supplied batch of signed metadata. -->
<!-- The aggregate is fetched over plain HTTP, so the Signature filter below is what protects its integrity. -->
<!-- A backup copy is kept at backingFilePath; reloadInterval is in seconds (14400 = 4 hours). -->
<MetadataProvider type="XML" uri="http://md.incommon.org/InCommon/InCommon-metadata.xml"
                  backingFilePath="incommon-metadata.xml" reloadInterval="14400">
    <!-- Require a validUntil of no more than 14 days (1209600 seconds) -->
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
    <!-- Verify the signature on the metadata file -->
    <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>
    <!-- Retain only the IdP and attribute authority roles from the aggregate -->
    <MetadataFilter type="EntityRoleWhiteList">
        <RetainedRole>md:IDPSSODescriptor</RetainedRole>
        <RetainedRole>md:AttributeAuthorityDescriptor</RetainedRole>
    </MetadataFilter>
</MetadataProvider>
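To see offline what the two non-cryptographic filters above would do to an aggregate, the following added example (not part of the original page and not Shibboleth code) approximates RequireValidUntil and EntityRoleWhiteList in Python. It assumes a flat EntitiesDescriptor, performs no signature verification, and its function names and sample entity IDs are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ROLES = {MD + n for n in ("IDPSSODescriptor", "SPSSODescriptor", "AuthnAuthorityDescriptor",
                          "AttributeAuthorityDescriptor", "PDPDescriptor", "RoleDescriptor")}
RETAINED = {MD + "IDPSSODescriptor", MD + "AttributeAuthorityDescriptor"}
MAX_VALIDITY = timedelta(seconds=1209600)  # maxValidityInterval from the config
# Constructed sample aggregate (not real InCommon data); entity IDs are made up.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2024-01-10T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def validity_problem(root, now):
    """Return None if validUntil is acceptable, else the reason to refuse the batch."""
    raw = root.get("validUntil")
    if raw is None:
        return "missing validUntil"
    until = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    until = until if until.tzinfo else until.replace(tzinfo=timezone.utc)  # bare value: UTC
    if until <= now:
        return "expired"
    if until - now > MAX_VALIDITY:
        return "validUntil too far in the future"
    return None

def retain_roles(root):
    """Strip role descriptors outside RETAINED, then entities left with no role."""
    kept = []
    for entity in root.findall(MD + "EntityDescriptor"):
        for child in list(entity):
            if child.tag in ROLES and child.tag not in RETAINED:
                entity.remove(child)
        if any(child.tag in RETAINED for child in entity):
            kept.append(entity.get("entityID"))
        else:
            root.remove(entity)
    return kept

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)  # fixed clock below keeps the run repeatable
    print(validity_problem(root, datetime(2024, 1, 1, tzinfo=timezone.utc)), retain_roles(root))
```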