XMLMetadataProvider

1 Overview
2 Reference
3 Examples
- 3.1 Locally-Stored Metadata File
- 3.2 Remote Metadata Source

Overview

Identified by type="XML", this MetadataProvider batch loads metadata from a single source. Remote metadata is almost always intended to be signed and should expire regularly in accordance with the TrustManagement model of the software, and use of the SignatureMetadataFilter and RequireValidUntilMetadataFilter is generally assumed.

This metadata plugin type is implemented as a reloadable XML resource, which means that the metadata can be supplied inline, in a local file, or a remote file, and can be monitored for changes and reloaded on the fly. The root of the XML in all cases MUST be either an <EntityDescriptor> or, more commonly with batches, <EntitiesDescriptor> element.

This is historically the most common way to configure metadata, but for large metadata sources the on-demand types (MDQ, Dynamic, LocalDynamic) will be increasingly used instead.

Reference

The type="XML" attribute must be present.

In addition, the following attributes specific to this plugin type are supported:

Name	Type	Default	Description

Name	Type	Default	Description
discoveryFeed	boolean	true	When true, a JSON feed of IdP information will be produced and cached in memory for use by the DiscoveryFeed handler. Can be disabled to save processing and memory.
minRefreshDelay	time in seconds	600	Determines the minimum refresh interval when polling a remote resource for changes
refreshDelayFactor	decimal between 0 and 1, non-inclusive	0.75	Factor applied to the metadata's own validity or caching period to determine the reload interval to use. Once applied, the result is bounded by the minRefreshDelay and maxRefreshDelay settings to determine the time of the next attempt. If reload attempts fail, the interval will increase in linear fashion to limit failed attempts.
dropDOM	boolean	true	When true, the underlying XML DOM structure is dropped after processing a new metadata instance. Set to false to maintain the DOM in memory if there are supplemental options being used that operate more efficiently with the DOM maintained.
tagsInFeed	boolean	false	When true, adds <EntityAttribute> extension attribute values (simple-valued only) to the discovery feed

Examples

Locally-Stored Metadata File

<MetadataProvider type="XML" path="/path/to/the/metadata.xml"/>

Remote Metadata Source

<MetadataProvider type="XML" url="http://metadata.example.com/md/TheMetadata.xml" backingFilePath="Metadata.xml.bck">
    <MetadataFilter type="Signature" certificate="metadata-signing-key.pem"/>
	<MetadataFilter type="RequireValidUntil" maxValidityInterval="8640000"/>
	<DiscoveryFilter type="Exclude" matcher="EntityAttributes" trimTags="true"
      attributeName="http://macedir.org/entity-category"
      attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      attributeValue="http://refeds.org/category/hide-from-discovery" />
</MetadataProvider>