The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

SP Metadata Provider Filter Examples

The following are examples only. They do not illustrate all possible configuration properties or features.

Refresh InCommon metadata

Contributed by: Mike Grady, University of Illinois at Urbana-Champaign

The following example demonstrates fetching InCommon Federation metadata from a URL, storing a backup copy locally, and ensuring that the metadata is properly signed and has a reasonable validity period. Only the IDPSSODescriptor and AttributeAuthorityDescriptor roles are consumed.

        <!-- Example of remotely supplied batch of signed metadata. -->
        <MetadataProvider type="XML" url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
                backingFilePath="incommon-metadata.xml" maxRefreshDelay="3600">
            <!-- Require validUntil of no more than 14 days -->
            <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>
            <!-- Verify the signature on the metadata file -->
            <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>
            <!-- Consume all IdP metadata in the aggregate -->
            <MetadataFilter type="EntityRoleWhiteList">
                <RetainedRole>md:IDPSSODescriptor</RetainedRole>
                <RetainedRole>md:AttributeAuthorityDescriptor</RetainedRole>
            </MetadataFilter>
        </MetadataProvider>
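
To see offline why a downloaded aggregate would fail the validity check, or which entities survive the role filter, the two non-cryptographic filters above can be approximated in a few lines of Python. This is an added example, not Shibboleth code: the function names and the sample aggregate are constructed for illustration, it assumes a flat aggregate, whole-second UTC validUntil values, and that entities left with no roles are dropped, and it does not perform the signature verification that the Signature filter provides.

```python
import datetime as dt
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ROLES = {"IDPSSODescriptor", "SPSSODescriptor", "AuthnAuthorityDescriptor",
         "AttributeAuthorityDescriptor", "PDPDescriptor", "RoleDescriptor"}
RETAINED = {"IDPSSODescriptor", "AttributeAuthorityDescriptor"}  # RetainedRole values
MAX_VALIDITY = dt.timedelta(seconds=1209600)  # maxValidityInterval (14 days)

# Constructed, unsigned sample aggregate; the example.org entities are placeholders.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" validUntil="2030-01-10T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor/>
    <md:SPSSODescriptor/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def check_valid_until(root, now, max_interval=MAX_VALIDITY):
    """Return None when the root validUntil is acceptable, else the rejection reason."""
    raw = root.get("validUntil")
    if raw is None:
        return "missing validUntil"
    until = dt.datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)
    if until <= now:
        return "expired"
    if until - now > max_interval:
        return "validity interval too long"
    return None

def local_role(elem):
    """Local name of elem if it is a SAML metadata role descriptor, else None."""
    ns, _, local = elem.tag[1:].partition("}")
    return local if ns == MD and local in ROLES else None

def retain_roles(root, retained=RETAINED):
    """Strip roles outside `retained`; drop entities left roleless. Returns kept entityIDs."""
    kept = []
    for entity in root.findall(f"{{{MD}}}EntityDescriptor"):  # assumes a flat aggregate
        for child in [c for c in entity if local_role(c)]:
            if local_role(child) not in retained:
                entity.remove(child)
        if any(local_role(c) for c in entity):
            kept.append(entity.get("entityID"))
        else:
            root.remove(entity)
    return kept
```

To check a real download, pass `ET.parse(path).getroot()` and the current UTC time instead of the sample; a passing result here says nothing about the signature, which still has to be verified against the federation certificate.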