Skip to content
Permalink
3.3release
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

shib-idp-conftree/conf/metadata-providers.xml

Go to file
@pcaskey
pcaskey minor config cleanup
Latest commit 6317f30 Apr 11, 2017 History
1 contributor

Users who have contributed to this file

83 lines (67 sloc) 4.38 KB
Raw Blame
<?xml version="1.0" encoding="UTF-8"?>
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
xmlns:resource="urn:mace:shibboleth:2.0:resource"
xmlns:security="urn:mace:shibboleth:2.0:security"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
<!-- ========================================================================================== -->
<!-- Metadata Configuration -->
<!-- -->
<!-- Below you place the mechanisms which define how to load the metadata for SP(s) you will -->
<!-- provide service to. -->
<!-- -->
<!-- Two examples are provided. The Shibboleth Documentation at -->
<!-- https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration -->
<!-- provides more details. -->
<!-- -->
<!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. -->
<!-- ========================================================================================== -->
<!--
Example HTTP metadata provider. Use this if you want to download the metadata
from a remote source.
You *MUST* provide the SignatureValidationFilter in order to function securely.
Get the public key certificate from the party publishing the metadata, and validate
it with them via some out of band mechanism (e.g., a fingerprint on a secure page).
The EntityRoleWhiteList saves memory by only loading metadata from SAML roles
that the IdP needs to interoperate with.
-->
<!--
<MetadataProvider id="HTTPMetadata"
xsi:type="FileBackedHTTPMetadataProvider"
backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
metadataURL="http://WHATEVER">
<MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
<MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
<MetadataFilter xsi:type="EntityRoleWhiteList">
<RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter>
</MetadataProvider>
-->
<!--
Example file metadata provider. Use this if you want to load metadata
from a local file. You might use this if you have some local SPs
which are not "federated" but you wish to offer a service to.
If you do not provide a SignatureValidation filter, then you have the
responsibility to ensure that the contents on disk are trustworthy.
-->
<!--
<MetadataProvider id="LocalMetadata" xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/>
-->
<MetadataProvider id="InCommonMetadata"
xsi:type="FileBackedHTTPMetadataProvider"
backingFile="%{idp.home}/metadata/localCopyFromInCommon.xml"
metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
maxRefreshDelay="PT8H">
<MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D" />
<MetadataFilter xsi:type="SignatureValidation"
certificateFile="${idp.home}/credentials/inc-md-cert.pem" />
<MetadataFilter xsi:type="EntityRoleWhiteList">
<RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter>
</MetadataProvider>
</MetadataProvider>