The Shibboleth IdP V4 software will leave support on September 1, 2024.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 18 Next »

Namespace: urn:mace:shibboleth:2.0:metadata
Schema: http://shibboleth.net/schema/idp/shibboleth-metadata.xsd

Overview

For example, suppose an IdP loads (and reloads) metadata from a remote HTTP source using a FileBackedHTTPMetadataProvider. Since the IdP is focused on the <md:SPSSODescriptor> elements in the metadata aggregate, all other role descriptors may be removed. See below for an explicit example.

Filter order is important!

This filter changes the content of the metadata and so a filter of this type should appear after any SignatureValidationFilter in the overall sequence of filters.

Reference

Examples

The following example retains all <md:SPSSODescriptor> elements in the input:

If a particular entity in the input contains no <md:SPSSODescriptor> child element, all role descriptors are removed from the entity. If the value of the removeRolelessEntityDescriptors attribute is true (which it is by default), the entity itself is removed as well.

If the value of the removeEmptyEntitiesDescriptors attribute is true (which it is by default), any <md:EntitiesDescriptor> element that contains neither an <md:EntityDescriptor> element nor an <md:EntitiesDescriptor> element is removed as well.

  • No labels