The Shibboleth IdP V4 software will leave support on September 1, 2024.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Current »

Namespace: urn:mace:shibboleth:2.0:metadata
Schema: http://shibboleth.net/schema/idp/shibboleth-metadata.xsd

Overview

The SchemaValidation filter allows the validation of the provided metadata against an XML schema. Note that while schema validation can catch a variety of errors in metadata, it is not sufficient to prevent all possible sources of error because XSD isn't expressive enough in practice to describe all the requirements of the standard. Metadata sources should be limited to trustworthy publishers whether this filter is used or not.

Reference

 XML Attributes

Name

Type

Default

Description

schemaBuilderRef

Bean ID

shibboleth.SchemaBuilder

Bean ID of type SAMLSchemaBuilder. The default validates against SAML 2.0, SAML 1.1 and many common (to Shibboleth deployments) metadata extension schemas such as MDATTR, MDUI and MDRPI.

 Properties (V4.1+)

Name

Type

Default

Description

idp.schemaValidation.strict

Boolean

false

When true, enables a more strict version of the SAML schemas to be applied that disallow empty string- or URI-valued elements, which is a requirement of the standard but is not enforced by the original schemas. This is not foolproof, but it does catch a number of commonly broken cases.

 Beans (V4.1+)

These beans were added to support easier supplementing of the schemas to load for validation of metadata. They are lists of Spring resources, and should be classpath-based resources for the parser to resolve them properly.

Name

Type

Description

shibboleth.ExtensionSchemas

List<Resource>

Reserved name of a bean to supply extension schemas to load

shibboleth.DefaultExtensionSchemas

List<Resource>

Built-in list of extension schemas that can be extended

To add a custom schema, you would define shibboleth.ExtensionSchemas in global.xml or a similar spot and merge that with the parent bean:

    <bean id="shibboleth.ExtensionSchemas" parent="shibboleth.DefaultExtensionSchemas">
        <property name="sourceList">
            <list merge="true">
                <value>classpath:/schema/custom-schema.xsd</value>
            </list>
        </property>
    </bean>

Examples

SAML Schema Validation
<MetadataFilter xsi:type="SchemaValidation" />


  • No labels