Declaring the metadata sources

Every potential source of metadata is declared to the Discovery Service by a <MetadataProvider> element in the $DS_HOME/wayfconfig.xml file.

If the wayfconfig.xml file is changed, you need to restart the service

The <MetadataProvider> element must have the following attributes

In addition, if the http:// or form https://<RemotePath> is used, the following attributes may be specified:

In all cases, for releases starting V1.2.0, the following attributes to perform extra data validation, or the reload frequency,

Setting the min and max refresh delay to the same value is a nonsensical configuration. Don't do it.

     displayName="Local Federation"

     displayName="UK Federation"
     maxValidityInterval = "P7D"      

In all cases, the Discovery Service will reload metadata as soon as it has been changed. It is not necessary to restart the service

If the metadata contains <DiscoveryResponse> elements, then the binding attribute is checked. If an entity has an invalid binding then it is removed from the metadata and a note written to the log. If required the behavior can be limited to issuing a warning bu setting the element "warnOnBadBinding" in the <Default> configuration to be "true".

Using the metadata source.

Once a metadata source has been declared, it is associated with a specific location via the <DiscoveryServiceHandler> element.

<DiscoveryServiceHandler [...]>
   <Federation identifier="UkFed"/>

The DiscoveryServiceHandler is discussed in more details in DSUserInterface

Filtering Metadata

A <MetadataProvider> may have one or more custom filters added (written in Java). Each filter has to implement org.opensaml.saml2.metadata.provider.MetadataFilter and have a constructor which take a single parameter of type org.w3c.dom.Element (this being the element which defines the filter as described below).

A filter is associated with a Metadata Provider via a <Filter> element. This is unstructured. It may have any attributes and sub elements which can be used to provide parameters to the code. It must have the following attributes:

<MetadataProvider [...]>
   <Filter identifier="Filter1"
   <Filter identifier="Filter2"

White and BlackList

The DiscoveryService is shipped with a simple white-list and black-list filter. Given a list of entities, the metadata will be adjusted to remove all elements which are not in the list (white list operation) or to remove all entities which are on the list (blacklist operation).

The filter is configured thus:

<Filter identifier="Black" 

The excludeEntries controls whether elements on the list are excluded from the metadata (blacklist operation) or have to be included (white list operation).

The resulting metadata must include all SPs which interact with the DS. This is particularly important to remember when buidling white list (excludeEntries="false") filters