RemoteMetadataAggregateExample

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 <!-- Load (and reload) a signed metadata aggregate from a remote HTTP server. This sample configuration assumes: (1) the top-level element of the XML document is signed; (2) the top-level element of the XML document is decorated with a validUntil attribute; (3) the validity interval is two weeks (P14D) in duration; and (4) the server supports HTTP conditional GET. The metadata refresh process is influenced by the configured values of the minRefreshDelay attribute (default: PT30S) and the maxRefreshDelay attribute (default: PT4H) and also by any cacheDuration and validUntil attributes in the metadata itself. If the server does not support HTTP conditional GET, the attributes should be adjusted accordingly. --> <MetadataProvider id="RemoteMetadataAggregate" xsi:type="FileBackedHTTPMetadataProvider" backingFile="%{idp.home}/metadata/federation-metadata-copy.xml" metadataURL="http://example.org/metadata/federation-metadata.xml"> <!-- Verify the signature on the root element of the metadata aggregate using a trusted metadata signing certificate. --> <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true" certificateFile="%{idp.home}/conf/metadata/md-cert.pem"/> <!-- Require a validUntil XML attribute on the root element and make sure its value is no more than 14 days into the future. --> <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D"/> <!-- Consume all SP metadata in the aggregate --> <MetadataFilter xsi:type="EntityRoleWhiteList"> <RetainedRole>md:SPSSODescriptor</RetainedRole> </MetadataFilter> </MetadataProvider>