ResourceBackedMetadataProvider loads metadata from a resource - a complex source that cannot be located from a file or an HTTP URL. The provider can be configured to periodically check and reload the metadata if needed.
Schema Names and location
<MetadataProvider> element and the type
ResourceBackedMetadataProvider are defined by the
urn:mace:shibboleth:2.0:metadata schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.
xsi:type of the <MetadataResource> is defined by the
urn:mace:shibboleth:2.0:resource schema which can be located at http://shibboleth.net/schema/idp/shibboleth-resource.xsd.
|String||required||Identifier for logging, identification for command line reload, etc.|
|String||required||Specifies the exact type of provider to use (from those listed above, or a custom extension type).|
The following attributes are common to all metadata provider types except the
Whether candidate metadata found by the resolver must be valid in order to be returned (where validity is implementation specific, but in SAML cases generally depends on a
|Boolean||true||Whether to fail initialization of the underlying MetadataResolverService (and possibly the IdP as a whole) if the initialization of a metadata provider fails. When false, the IdP may start, and will continue to attempt to reload valid metadata if configured to do so, but operations that require valid metadata will fail until it does.|
|Integer||Defines the order in which metadata providers are searched (see below), can only be specified on top level |
|The following are advanced settings supporting a new low-level feature allowing metadata lookup by keys other than the unique entityID and are rarely of use to a deployer.|
|Bean ID||Identifies the a custom |
|Boolean||true||Flag which determines whether the default |
|Boolean||false||Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false).|
|Bean ID||shibboleth.ParserPool||Identifies a Spring bean for the (OpenSAML) |
|Bean ID||Identifies a Spring bean containing a Java |
|Duration||PT30S||Lower bound on the next refresh from the time calculated based on the metadata's expiration.|
|Duration||PT4H||Upper bound on the next refresh from the time calculated based on the metadata's expiration.|
|Real Number (strictly between 0.0 and 1.0)||0.75||A factor applied to the initially determined refresh time in order to determine the next refresh time (typically to ensure refresh takes place prior to the metadata's expiration). Attempts to refresh metadata will generally begin around the product of this number and the maximum refresh delay.|
Identifies an optional
Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection, when an entityID input criterion is not supplied.
|Duration||PT0S (disabled)||For each attempted metadata refresh (whether or not fresh metadata is obtained), if |
Any of the following child elements may be specified (in order).
|0 or more||A metadata filter applied to candidate metadata as it flows through the metadata pipeline|
|Exactly 1||Specifies the metadata resource type|
> child element is common to all metadata providers. The
<MetadataResource> child element is exclusive to the
<MetadataResource> child element is required. If none is configured, an error will occur.
The following example loads metadata from SVN:
The following example loads metadata from the Java Classpath: