Metadata Fetching and Querying
Many SAML-enabled services will query SAML metadata information frequently in order to determine where, and sometimes how, to send messages to the relying party. This usually means the service needs to be able to fetch a metadata document, cache it, and be able to query for specific entity information. The OpenSAML library provides mechanisms for doing this.
Fetching and querying metadata may be done through metadata providers. OpenSAML currently provides three types of providers in the
- URLMetadataProvider - retrieves metadata from a URL using HTTP GET and may optionally do BASIC or SSL/TLS client-cert authentication
- FilesystemMetadataProvider - retrieves metadata from a file on the file system
- ChainingMetadataProvider - a metadata provider wrapper that iterates over a list of registered providers when querying for data
Each metadata provider offers three query methods:
- getEntityDescriptor(String) - retrieves the entity descriptor for the entity identified by the given entity ID
- getRole(String, QName) - retrieves a list of role descriptors, of a given type, for the entity identified by the given ID
- getRole(String, QName, String) - like the method above, but returns only a role that supports a given protocol
Metadata providers allow you to attach a filter that is invoked after the metadata has been fetched and unmarshalled. This filter may be used to remove unwanted data (e.g. an SP removing everything but IdPs if it won't be communicating with other SPs). Such filtering can dramatically reduce the amount of memory used by cached content. If you wish to apply a series of filters, you may use org.opensaml.saml2.metadata.provider.MetadataFilterChain, which maintains a list of metadata filters. The filters are executed in the order they are added.
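The following added example (not code from the OpenSAML project) wires a filter chain into a file-backed provider behind a chaining provider and then uses the three query methods. It assumes the later OpenSAML 2.x API, where providers are given a parser pool and initialized explicitly, and uses RequiredValidUntilFilter and EntityRoleFilter from the same provider package, which this page does not name; the file path and entity ID are placeholders.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.*;
import org.opensaml.xml.parse.BasicParserPool;

public class IdpMetadataLookup {
    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // registers the SAML object unmarshallers
        BasicParserPool parsers = new BasicParserPool();
        parsers.setNamespaceAware(true);

        // Filters run in list order: first reject metadata whose root has no
        // validUntil, then drop every role except IdP SSO (an SP-side view).
        List<QName> keptRoles = new ArrayList<QName>();
        keptRoles.add(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
        filters.add(new RequiredValidUntilFilter());
        filters.add(new EntityRoleFilter(keptRoles));
        MetadataFilterChain chain = new MetadataFilterChain();
        chain.setFilters(filters);

        // Placeholder path; the chain is applied when the provider loads the file.
        FilesystemMetadataProvider fileProvider =
                new FilesystemMetadataProvider(new File("/etc/saml/federation-metadata.xml"));
        fileProvider.setParserPool(parsers);
        fileProvider.setMetadataFilter(chain);
        fileProvider.initialize();

        ChainingMetadataProvider providers = new ChainingMetadataProvider();
        providers.addMetadataProvider(fileProvider);

        String entityId = "https://idp.example.org/idp"; // placeholder entity ID
        QName idpRole = IDPSSODescriptor.DEFAULT_ELEMENT_NAME;
        EntityDescriptor entity = providers.getEntityDescriptor(entityId);
        if (entity == null) { // unknown entity, or removed by the filters
            throw new IllegalStateException("No usable metadata for " + entityId);
        }
        List<RoleDescriptor> idpRoles = providers.getRole(entityId, idpRole);
        RoleDescriptor saml2Idp = providers.getRole(entityId, idpRole, SAMLConstants.SAML20P_NS);
        int count = (idpRoles == null) ? 0 : idpRoles.size();
        System.out.println(entity.getEntityID() + ": " + count + " IdP role(s)");
        if (saml2Idp == null) throw new IllegalStateException("No SAML 2.0 IdP role");
        System.out.println("Protocols: " + saml2Idp.getSupportedProtocols());
    }
}
```

Because the role filter is attached to the provider, a lookup for an SP-only entity returns null even though the entity is present in the source file.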