The <MetadataFilter> element configures a filter that examines metadata supplied by a metadata provider and deletes it if it fails to satisfy the filter's requirements.

Filters are generally used to impose additional security requirements on metadata.

Common Attributes

Signature MetadataFilter

Identified by type="Signature", validates any XML Signatures found in the metadata according to trust information configured into the filter. Embedded signatures are checked, but a primary signature over the metadata instance as a whole MUST be present.

<MetadataFilter type="Signature" key="signer.pem"/>

A variety of configuration options can be used, but they are mutually exclusive.


Child Elements

Whitelist MetadataFilter

Identified by type="Whitelist", deletes metadata for any entity not listed inside the plugin's configuration.

<MetadataFilter type="Whitelist">

Child Elements

Blacklist MetadataFilter

Identified by type="Blacklist", deletes metadata for any entity or entity group listed inside the plugin's configuration.

<MetadataFilter type="Blacklist">

Child Elements

RequireValidUntil MetadataFilter

Version 2.1 and Above

Identified by type="RequireValidUntil", rejects metadata whose root element does not contain a validUntil attribute, or whose validity period exceeds a threshold.

<MetadataFilter type="RequireValidUntil" maxValidityInterval="604800"/>
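
The check that RequireValidUntil describes, written out as an added Python example (not Shibboleth's code and not part of the original page). The function names, the sample documents, the fixed clock and the extra expiry check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

def parse_xs_datetime(value):
    """Parse an xs:dateTime such as 2030-01-06T00:00:00Z into an aware UTC datetime."""
    text = value.strip()
    if text.endswith("Z"):
        text = text[:-1] + "+00:00"
    parsed = datetime.fromisoformat(text)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)  # assumption: no zone means UTC
    return parsed.astimezone(timezone.utc)

def check_valid_until(metadata_xml, max_validity_interval, now=None):
    """Return (accepted, reason) for a metadata document passed as a string."""
    now = now or datetime.now(timezone.utc)
    # Only the root element counts; validUntil on a nested entity is not enough.
    root = ET.fromstring(metadata_xml)
    value = root.get("validUntil")
    if value is None:
        return False, "root element has no validUntil"
    try:
        valid_until = parse_xs_datetime(value)
    except ValueError:
        return False, "validUntil is not a parseable dateTime"
    if valid_until <= now:
        # Extra check added here; not one of the two conditions the page lists.
        return False, "validUntil is in the past"
    if valid_until - now > timedelta(seconds=max_validity_interval):
        return False, "validity period exceeds maxValidityInterval"
    return True, "ok"

# Constructed sample documents and a fixed clock so the results are repeatable.
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)

def sample(attr, body=""):
    return '<EntitiesDescriptor xmlns="%s" %s>%s</EntitiesDescriptor>' % (MD_NS, attr, body)

SAMPLES = {
    "within": sample('validUntil="2030-01-06T00:00:00Z"'),
    "too_long": sample('validUntil="2030-03-01T00:00:00Z"'),
    "missing": sample(""),
    "nested_only": sample("", '<EntityDescriptor entityID="https://sp.example.org/shibboleth" '
                              'validUntil="2030-01-06T00:00:00Z"/>'),
}

def run_samples(max_validity_interval=604800):
    return {name: check_valid_until(doc, max_validity_interval, NOW)
            for name, doc in SAMPLES.items()}
```

A validUntil value is only as trustworthy as the signature covering it, so a check like this belongs after signature validation of the same document.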