Identified by type="XML"
, this MetadataProvider batch loads metadata from a single source. Remote metadata is almost always intended to be signed and should expire regularly in accordance with the TrustManagement model of the software, and use of the SignatureMetadataFilter and RequireValidUntilMetadataFilter is generally assumed.
This metadata plugin type is implemented as a reloadable XML resource, which means that the metadata can be supplied inline, in a local file, or a remote file, and can be monitored for changes and reloaded on the fly. The root of the XML in all cases MUST be either an <EntityDescriptor>
or, more commonly with batches, <EntitiesDescriptor>
element.
This is historically the most common way to configure metadata, but for large metadata sources the on-demand types (MDQ
, Dynamic
, LocalDynamic
) will be increasingly used instead.
The |
In addition, the following attributes specific to this plugin type are supported:
|
In addition, the following child element specific to this plugin type is supported:
|
<MetadataProvider type="XML" path="/path/to/the/metadata.xml"/> |
<MetadataProvider type="XML" url="http://metadata.example.com/md/TheMetadata.xml" backingFilePath="Metadata.xml.bck"> <MetadataFilter type="Signature" certificate="metadata-signing-key.pem"/> <MetadataFilter type="RequireValidUntil" maxValidityInterval="8640000"/> <DiscoveryFilter type="Exclude" matcher="EntityAttributes" trimTags="true" attributeName="http://macedir.org/entity-category" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="http://refeds.org/category/hide-from-discovery" /> </MetadataProvider> |