Page tree
Skip to end of metadata
Go to start of metadata

Metadata can be filtered, after loading it and before use. Filters are specified as a series of <MetadataFilter> elements, which are processed in the order in which they occur as children of the containing <MetadataProvider>

Filters are all defined by their xsi:type attribute.  All other attributes and child elements are specific to each filter. The filter types provided are:

  • ChainingFilter
    • Normally automatically applied whenever multiple filters appear, this wraps multiple filters into a chain, running each one in turn
  • RequiredValidUntil
    • Important for secure processing of metadata containing keys, it enforces requirements for metadata to carry an expiration and limits the size of that window
  • SchemaValidationFilter
    • Performs XML validation of a metadata source
  • SignatureValidation
    • The most common filter, checks the signature on a signed metadata source
  • EntityRoleWhiteList
    • A memory-saving filter, it deletes unneeded role information from metadata
  • EntityAttributes
    • A policy aid, this filter actually adds information, allowing "tags" to be attached to metadata for use in other parts of the system
  • Predicate
    • An extensible allow/deny filter, it can remove matching (or keep only matching) entities based on a set of built-in rules, or with an arbitrary condition
  • NameIDFormat 3.3
    • A policy aid, this filter adds information, allowing <NameIDFormat> elements to be attached to metadata for use in driving identifier format selection.


  • No labels