The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.


You are viewing an old version of this page. View the current version.


SP Metadata Provider Filter Examples

The following examples are simply that, examples. They do not illustrate all possible configuration properties or features.

Load InCommon metadata and only retain roles necessary for interacting with both Shibv1 (SAML1) and Shibv2 (SAML2) IdPs

Contributed by: Mike Grady, University of Illinois at Urbana-Champaign

The following example demonstrates reading the InCommon federation metadata from a URL, storing a backup copy locally, ensuring that the metadata is properly signed and has a reasonable validity period, and retaining only the IDPSSODescriptor and AttributeAuthorityDescriptor roles.

    <!-- Example of remotely supplied batch of signed metadata. -->
    <MetadataProvider type="XML" uri="http://md.incommon.org/InCommon/InCommon-metadata.xml"
            backingFilePath="incommon-metadata.xml" reloadInterval="14400">
        <!-- Require validUntil of no more than 14 days -->
        <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
        <!-- Verify the signature on the metadata file -->
        <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>
        <!-- Consume all IdP metadata in the aggregate -->
        <MetadataFilter type="EntityRoleWhiteList">
            <RetainedRole>md:IDPSSODescriptor</RetainedRole>
            <RetainedRole>md:AttributeAuthorityDescriptor</RetainedRole>
        </MetadataFilter>
    </MetadataProvider>
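
To see what the RequireValidUntil and EntityRoleWhiteList filters above leave behind, the following Python code approximates them on a flat aggregate. It is an added example, not part of the original page or of the Shibboleth SP code. Assumptions: the sample metadata and entityIDs are constructed, signature verification is omitted, expired metadata is rejected alongside the interval check, and entities left with no role are dropped.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ROLE_NAMES = ("IDPSSODescriptor", "SPSSODescriptor", "AuthnAuthorityDescriptor",
              "AttributeAuthorityDescriptor", "PDPDescriptor", "RoleDescriptor")
ALL_ROLES = {f"{{{MD}}}{name}" for name in ROLE_NAMES}
# Same two roles as the <RetainedRole> elements in the configuration above.
RETAINED = {f"{{{MD}}}IDPSSODescriptor", f"{{{MD}}}AttributeAuthorityDescriptor"}

def check_valid_until(root, now, max_interval=1209600):
    """Root must carry validUntil, unexpired and at most max_interval seconds ahead."""
    value = root.get("validUntil")
    if value is None:
        raise ValueError("metadata root has no validUntil")
    until = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if not timedelta(0) < until - now <= timedelta(seconds=max_interval):
        raise ValueError("validUntil is expired or more than max_interval seconds away")
    return until

def retain_roles(root, retained=RETAINED):
    """Strip roles outside `retained`; drop entities left with no role at all."""
    kept = []
    for entity in root.findall(f"{{{MD}}}EntityDescriptor"):
        for child in list(entity):
            if child.tag in ALL_ROLES and child.tag not in retained:
                entity.remove(child)
        if any(child.tag in ALL_ROLES for child in entity):
            kept.append(entity.get("entityID"))
        else:
            root.remove(entity)
    return kept

def filter_metadata(xml_text, now):
    """Apply the validity check, then the role filter; return (root, kept entityIDs)."""
    root = ET.fromstring(xml_text)
    check_valid_until(root, now)
    return root, retain_roles(root)

# Constructed sample aggregate (hypothetical entityIDs), flat like a federation batch.
P = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" validUntil="2024-01-10T00:00:00Z">
<md:EntityDescriptor entityID="https://idp.example.org/idp">
 <md:IDPSSODescriptor {P}/><md:AttributeAuthorityDescriptor {P}/></md:EntityDescriptor>
<md:EntityDescriptor entityID="https://sp.example.org/sp">
 <md:SPSSODescriptor {P}/></md:EntityDescriptor>
<md:EntityDescriptor entityID="https://both.example.org/entity">
 <md:IDPSSODescriptor {P}/><md:SPSSODescriptor {P}/></md:EntityDescriptor>
</md:EntitiesDescriptor>"""
```

With `now` set nine days before the sample's validUntil, the SP-only entity disappears and the mixed entity keeps only its IdP role.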
