<MetadataFilter> element configures a filter that examines metadata supplied by a metadata provider and deletes it if it fails to satisfy the filter's requrements.
Filters are generally used to impose additional security requirements on metadata.
type="Signature", validates any XML Signatures found in the metadata according to trust information configured into the filter. Embedded signatures are checked, but a primary signature over the metadata instance as a whole MUST be present.
<MetadataFilter type="Signature" key="signer.pem"/>
A variety of configuration options can be used, but they are mutually exclusive.
type="Whitelist", deletes metadata for any entity not listed inside the plugin's configuration.
<MetadataFilter type="Whitelist"> <Include>https://sp.goodguy.com/shibboleth</Include> </MetadataFilter>
<Include>(zero or more)
entityIDfound in the source metadata and only matching entities are kept.
type="Blacklist", deletes metadata for any entity or entity group listed inside the plugin's configuration.
<MetadataFilter type="Blacklist"> <Exclude>https://sp.badguy.com/shibboleth</Exclude> </MetadataFilter>
<Exclude>(zero or more)
Namefound in the source metadata and only matching entities are kept. When groups are excluded, all children of the group are excluded without further examination by any filters.
Version 2.1 and Above
type="RequireValidUntil", rejects metadata whose root element does not contain a
validUntil attribute, or whose validity period exceeds a threshold.
<MetadataFilter type="RequireValidUntil" maxValidityInterval="604800"/>