SP Metadata Provider Filter Examples

The following are examples only; they do not illustrate all possible configuration properties or features.

Refresh InCommon metadata

Contributed by: Mike Grady, University of Illinois at Urbana-Champaign

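The following example demonstrates fetching InCommon Federation metadata from a URL, storing a backup copy locally, and ensuring that the metadata is properly signed and has a reasonable validity period. Only the IDPSSODescriptor and AttributeAuthorityDescriptor roles are consumed. Because the URL is plain HTTP, the Signature filter is what establishes the metadata's authenticity, and the RequireValidUntil filter limits how long an old signed copy could be replayed.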

        <!-- Example of remotely supplied batch of signed metadata. -->
        <MetadataProvider type="XML" url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
                          backingFilePath="incommon-metadata.xml" maxRefreshDelay="3600">
            <!-- Require validUntil of no more than 14 days -->
            <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
            <!-- Verify the signature on the metadata file -->
            <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>
            <!-- Consume all IdP metadata in the aggregate -->
            <MetadataFilter type="EntityRoleWhiteList">
                <RetainedRole>md:IDPSSODescriptor</RetainedRole>
                <RetainedRole>md:AttributeAuthorityDescriptor</RetainedRole>
            </MetadataFilter>
        </MetadataProvider>
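
The script below is an added example, not part of the contributed configuration or of the Shibboleth code base: it approximates in Python what the RequireValidUntil and EntityRoleWhiteList filters above enforce, so a downloaded aggregate can be checked offline before the SP loads it. It does not verify the XML signature. The sample aggregate and entityIDs are constructed, and dropping entities left with no role is assumed to match the filter's default behaviour.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
RETAINED = {MD + "IDPSSODescriptor", MD + "AttributeAuthorityDescriptor"}
OTHER_ROLES = {MD + n for n in ("SPSSODescriptor", "AuthnAuthorityDescriptor", "PDPDescriptor", "RoleDescriptor")}
MAX_VALIDITY = timedelta(seconds=1209600)  # maxValidityInterval in the config

# Constructed sample aggregate with hypothetical entityIDs (not InCommon data).
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="{until}">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def check_valid_until(root, now):
    """Return None if the root validUntil is acceptable, else the reason."""
    raw = root.get("validUntil")
    if raw is None:
        return "root element has no validUntil"
    until = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    until = until.replace(tzinfo=until.tzinfo or timezone.utc)  # no zone: assume UTC
    if until <= now:
        return "metadata has expired"
    if until - now > MAX_VALIDITY:
        return "validity interval exceeds 14 days"
    return None

def retain_roles(root):
    """Strip non-retained roles; drop entities left with none (assumed default)."""
    kept = []
    for group in list(root.iter(MD + "EntitiesDescriptor")):
        for entity in group.findall(MD + "EntityDescriptor"):
            for role in [c for c in entity if c.tag in OTHER_ROLES]:
                entity.remove(role)
            if any(c.tag in RETAINED for c in entity):
                kept.append(entity.get("entityID"))
            else:
                group.remove(entity)
    return kept

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    until = (now + timedelta(days=7)).strftime("%Y-%m-%dT%H:%M:%SZ")
    root = ET.fromstring(SAMPLE.format(until=until))
    print(check_valid_until(root, now) or "validUntil OK", retain_roles(root))
```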