Page tree
Skip to end of metadata
Go to start of metadata

Metadata can be filtered, after loading it but before its use. Filters are specified as a series of <MetadataFilter> elements, which are processed in the order in which they occur as children of the containing <MetadataProvider> element.

Like metadata providers, metadata filters are defined by their xsi:type attribute.  All other attributes and child elements are specific to each filter. The filter types provided are:

  • Chaining Filter (DEPRECATED)
    • Normally automatically applied whenever multiple filters appear, this wraps multiple filters into a chain, running each one in turn
  • RequiredValidUntil Filter
    • Important for secure processing of metadata containing keys, this filter forces the metadata to carry an expiration date and limits the size of the corresponding validity interval
  • SchemaValidation Filter
    • Performs XML schema validation on the metadata
  • SignatureValidation Filter
    • A common filter that checks the signature on signed metadata
  • EntityRoleWhiteList Filter
    • A memory-saving filter that deletes unneeded role information from the metadata
  • EntityAttributes Filter
    • A policy aid, this filter actually adds information, allowing "tags" to be attached to metadata for use in other parts of the system
  • Predicate Metadata Filter
    • An extensible allow/deny filter that removes matching (or keeps only matching) entities based on a set of built-in rules, or with an arbitrary condition
  • NameIDFormat Filter 3.3
    • A policy aid, this filter adds information, allowing <NameIDFormat> elements to be attached to metadata for use in driving identifier format selection.


  • No labels