The OpenSAML V2 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

OSTwoUserMetadata

Metadata Fetching and Querying

Many SAML-enabled services will query SAML metadata information frequently in order to determine where, and sometimes how, to send messages to the relying party. This usually means the service needs to be able to fetch a metadata document, cache it, and be able to query for specific entity information. The OpenSAML library provides mechanisms for doing this.

Metadata Provider

Fetching and querying metadata may be done through metadata providers. OpenSAML currently provides three types of providers in the org.opensaml.saml2.metadata.provider package:

  • URLMetadataProvider - retrieves metadata from a URL using HTTP GET and may optionally do BASIC or SSL/TLS client-cert authentication
  • FilesystemMetadataProvider - retrieves metadata from a file on the file system
  • ChainingMetadataProvider - a metadata provider wrapper that iterates over a list of registered providers when querying for data

Querying

Each metadata provider offers three query methods:

  • getEntityDescriptor(String) - retrieves the entity descriptor for the entity identified by the given entity ID
  • getRole(String, QName) - retrieves a list of role descriptors, of a given type, for the entity identified by the given ID
  • getRole(String, QName, String) - like the above method, but returns only the role that supports a given protocol

Metadata Filtering

Metadata providers allow you to attach a filter that will be invoked after the metadata has been fetched and unmarshalled. This filter may be used to remove unwanted data (e.g. an SP removing everything but IdPs if it won't be communicating with other SPs). Such filtering can dramatically reduce the amount of memory used by cached content. If you wish to apply a series of filters, you may use the org.opensaml.saml2.metadata.provider.MetadataFilterChain, which maintains a list of metadata filters. The filters are executed in the order they are added.
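
The SP-side case described above (keep only IdP roles, then query the filtered cache), as an added example that is not part of the original OpenSAML documentation. It assumes a late OpenSAML 2.x release on the classpath; the class names IdPOnlyMetadataExample and KeepIdPRolesFilter are hypothetical, and the file path and entity ID are placeholders.

```java
import java.io.File;
import java.util.*;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.*;
import org.opensaml.saml2.metadata.provider.*;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;

public class IdPOnlyMetadataExample {
    // Hypothetical filter: removes every role descriptor that is not an IDPSSODescriptor.
    static class KeepIdPRolesFilter implements MetadataFilter {
        public void doFilter(XMLObject metadata) throws FilterException {
            if (metadata instanceof EntitiesDescriptor) {
                EntitiesDescriptor group = (EntitiesDescriptor) metadata;
                for (EntitiesDescriptor child : group.getEntitiesDescriptors()) doFilter(child);
                for (EntityDescriptor entity : group.getEntityDescriptors()) doFilter(entity);
            } else if (metadata instanceof EntityDescriptor) {
                Iterator<RoleDescriptor> roles =
                        ((EntityDescriptor) metadata).getRoleDescriptors().iterator();
                while (roles.hasNext()) {
                    if (!(roles.next() instanceof IDPSSODescriptor)) roles.remove();
                }
            } else {
                // Fail closed: an unexpected root element is rejected, not cached unfiltered.
                throw new FilterException("Unexpected root: " + metadata.getElementQName());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // registers the marshallers and unmarshallers

        List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
        filters.add(new KeepIdPRolesFilter()); // chain runs filters in the order added
        MetadataFilterChain chain = new MetadataFilterChain();
        chain.setFilters(filters);

        FilesystemMetadataProvider provider = new FilesystemMetadataProvider(
                new File("/path/to/federation-metadata.xml")); // placeholder path
        provider.setParserPool(new BasicParserPool());
        provider.setMetadataFilter(chain);
        provider.initialize(); // load, unmarshall, then apply the filter chain

        String id = "https://idp.example.org/idp"; // placeholder entity ID
        EntityDescriptor entity = provider.getEntityDescriptor(id);
        RoleDescriptor idp = provider.getRole(
                id, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS);
        List<RoleDescriptor> sp = provider.getRole(id, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        System.out.println("entity=" + (entity != null) + " saml2Idp=" + (idp != null)
                + " spRolesRemoved=" + (sp == null || sp.isEmpty()));
    }
}
```

This filter performs no trust checks of its own; any filter that verifies the metadata should be added to the chain ahead of it, since the chain runs filters in insertion order.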