A Shib configuration that recognizes an R&S entity attribute in IdP metadata
<!--
    The following MetadataProvider attempts to refresh the 
    InCommon production metadata aggregate every hour.
-->
<MetadataProvider type="XML"
    url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
    backingFilePath="InCommon-metadata.xml" maxRefreshDelay="3600"
    legacyOrgNames="true">

  <!-- Verify the signature on the metadata file -->
  <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>

  <!--
      Require a validUntil XML attribute on the EntitiesDescriptor element
      and make sure its value is no more than 14 days into the future
  -->
  <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>

  <!--
      As the refeds.org R&S tag becomes more prevalent, the
      order of the attributes should be reversed for efficiency.
  -->
  <DiscoveryFilter type="Whitelist" matcher="EntityAttributes">
    <saml:Attribute
        Name="http://macedir.org/entity-category-support"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute
        Name="http://macedir.org/entity-category-support"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
    </saml:Attribute>
  </DiscoveryFilter>

</MetadataProvider>

The above configuration requires Shibboleth SP v2.5 (or later). Be aware that filtering entity metadata from the discovery interface is not the same as filtering the metadata altogether. If the latter is really what you want to do, replace the <DiscoveryFilter> element with an otherwise identical <MetadataFilter> element in the example above.