The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP30 and SP3 wiki spaces for current documentation on the supported versions.

SP Metadata Provider Filter Examples

The following examples are simply that, examples. They do not illustrate all possible configuration properties or features.

Refresh InCommon metadata

Contributed by: Mike Grady, University of Illinois at Urbana-Champaign

The following example demonstrates fetching InCommon Federation metadata from a URL, storing a backup copy locally, and ensuring that the metadata is properly signed and has a reasonable validity period. Only the IDPSSODescriptor and AttributeAuthorityDescriptor roles are consumed.

        <!-- Example of remotely supplied batch of signed metadata. -->
        <MetadataProvider type="XML" url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
                backingFilePath="incommon-metadata.xml" maxRefreshDelay="3600">
            <!-- Require validUntil of no more than 14 days -->
            <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
            <!-- Verify the signature on the metadata file -->
            <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>
            <!-- Consume all IdP metadata in the aggregate -->
            <MetadataFilter type="EntityRoleWhiteList">
                <RetainedRole>md:IDPSSODescriptor</RetainedRole>
                <RetainedRole>md:AttributeAuthorityDescriptor</RetainedRole>
            </MetadataFilter>
        </MetadataProvider>
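
An added example, not part of the original page or the Shibboleth project: a small Python audit that flags remote MetadataProvider entries missing the Signature or RequireValidUntil filters shown above, which matters most when the fetch URL is plain HTTP as it is here. The 14-day ceiling, the Providers wrapper element and the two md.example.org providers are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MAX_INTERVAL = 1209600  # assumed policy ceiling: the 14 days used on this page

def local(tag):
    # Drop any namespace so fragments and a full shibboleth2.xml both match.
    return tag.rsplit("}", 1)[-1]

def audit_providers(xml_text):
    """Map each remote MetadataProvider url to a list of findings."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "MetadataProvider" or "url" not in el.attrib:
            continue  # only remotely fetched metadata is checked
        filters = {f.get("type"): f for f in el if local(f.tag) == "MetadataFilter"}
        findings = []
        if "Signature" not in filters:
            findings.append("no Signature filter")
            if el.get("url").lower().startswith("http://"):
                findings.append("plain-HTTP fetch is unauthenticated")
        rvu = filters.get("RequireValidUntil")
        if rvu is None:
            findings.append("no RequireValidUntil filter")
        # An absent maxValidityInterval is not judged here (treated as 0).
        elif int(rvu.get("maxValidityInterval", "0")) > MAX_INTERVAL:
            findings.append("maxValidityInterval exceeds policy")
        report[el.get("url")] = findings
    return report

# Constructed sample: the first provider is this page's; the others are made up.
SAMPLE = """<Providers>
  <MetadataProvider type="XML" url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
      backingFilePath="incommon-metadata.xml" maxRefreshDelay="3600">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
    <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>
  </MetadataProvider>
  <MetadataProvider type="XML" url="http://md.example.org/unsigned.xml"
      backingFilePath="unsigned.xml"/>
  <MetadataProvider type="XML" url="https://md.example.org/long.xml">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
    <MetadataFilter type="Signature" certificate="example-md-cert.pem"/>
  </MetadataProvider>
</Providers>"""

if __name__ == "__main__":
    for url, findings in audit_providers(SAMPLE).items():
        print(url, "->", findings or "ok")
```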