Namespace: urn:mace:shibboleth:2.0:metadata
Schema: http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
Overview
A filter of type ByReference is a new syntax aid that allows MetadataFilterConfiguration to be defined outside of <MetadataProvider> elements and reference named providers "out of band", separating the declaration of general metadata source details from deployer-specific filtering rules. There is nothing functionally different about using this approach; it's purely a configuration style issue.
The ByReference syntax relies on a set of child elements named <MetadataFilters> that contain a providerRef XML attribute identifying the <MetadataProvider> to apply a set of filters to, and then the filters to apply are declared within, in the normal way.
Reference
XML Elements
Name | Description |
---|---|
<MetadataFilters> | Each out of band declaration consists of a required XML attribute named providerRef and a sequence of zero or more <MetadataFilter> elements of any of the normal types supported |
Example
The example shows a typical usage pattern via a separate Spring resource loaded into the metadata resolver service by adding it to the resource set in conf/services.xml (e.g., perhaps in a file named conf/metadata-filters.xml):
<?xml version="1.0" encoding="UTF-8"?>
<MetadataFilter xsi:type="ByReference"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:security="urn:mace:shibboleth:2.0:security"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
    xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:enc11="http://www.w3.org/2009/xmlenc11#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
        urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
        urn:oasis:names:tc:SAML:metadata:algsupport http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd
        http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
        http://www.w3.org/2009/xmldsig11# http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/xmldsig11-schema.xsd
        http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
        http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">
    <MetadataFilters providerRef="InCommonMD">
        <MetadataFilter xsi:type="EntityAttributes">
            <saml:Attribute Name="http://shibboleth.net/ns/attributes/releaseAllValues">
                <saml:AttributeValue>eduPersonPrincipalName</saml:AttributeValue>
            </saml:Attribute>
            <Entity>https://sp.example.org/shibboleth</Entity>
        </MetadataFilter>
    </MetadataFilters>
</MetadataFilter>
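Because the filters now live in a different file from the providers they apply to, a review step can cross-check the two. The script below is an added example, not part of the original page or the Shibboleth project; it assumes providerRef is matched against the id attribute of <MetadataProvider>, and both XML samples are constructed and trimmed to the attributes the check reads.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:mace:shibboleth:2.0:metadata"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: provider declarations, trimmed to id and xsi:type.
PROVIDERS_XML = """<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider">
  <MetadataProvider id="InCommonMD" xsi:type="FileBackedHTTPMetadataProvider"/>
</MetadataProvider>"""

# Constructed sample: out-of-band filters, the second with a misspelled providerRef.
FILTERS_XML = """<MetadataFilter xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ByReference">
  <MetadataFilters providerRef="InCommonMD">
    <MetadataFilter xsi:type="EntityAttributes"/>
  </MetadataFilters>
  <MetadataFilters providerRef="InComonMD">
    <MetadataFilter xsi:type="SignatureValidation"/>
  </MetadataFilters>
</MetadataFilter>"""


def provider_ids(xml_text):
    """Collect the id of every <MetadataProvider>, including nested ones."""
    root = ET.fromstring(xml_text)
    tag = f"{{{MD_NS}}}MetadataProvider"
    return {el.get("id") for el in root.iter(tag) if el.get("id")}


def filters_by_ref(xml_text):
    """Map each providerRef to the xsi:type of the filters declared under it."""
    root = ET.fromstring(xml_text)
    result = {}
    for group in root.iter(f"{{{MD_NS}}}MetadataFilters"):
        ref = group.get("providerRef", "")  # a missing attribute is reported as ""
        types = [f.get(XSI_TYPE) for f in group.findall(f"{{{MD_NS}}}MetadataFilter")]
        result.setdefault(ref, []).extend(types)
    return result


def dangling_refs(providers_xml, filters_xml):
    """Return providerRef values that name no declared provider id."""
    known = provider_ids(providers_xml)
    return sorted(ref for ref in filters_by_ref(filters_xml) if ref not in known)


if __name__ == "__main__":
    for ref, types in filters_by_ref(FILTERS_XML).items():
        print(f"{ref}: {types}")
    print("unmatched providerRef:", dangling_refs(PROVIDERS_XML, FILTERS_XML))
```

The per-provider listing from filters_by_ref is also useful in change review, since it shows which providers have attribute-release or signature filters attached without reading both files side by side.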