Question re: SP config to consume metadata

David Bantz dabantz at alaska.edu
Thu May 15 14:31:29 EDT 2014


Closing the loop on this thread:

Tom’s Whitelist filter suggestion works (not surprisingly) to filter out the entities other than that listed,
enabling the SP to consume/update my IdP metadata from signed InC metadata repository. 


<MetadataProvider type=“XML” 
	uri="http://md.incommon.org/InCommon/InCommon-metadata.xml"
	backingFilePath=“partner-metadata.xml”
	reloadInterval="7200”>
	<MetadataFilter type=“RequireValidUntil" maxValidityInterval="2419200”/>
	<MetadataFilter type="Signature" certificate="incommon.pem”/>
	<MetadataFilter type="Whitelist">
		<Include>my_idp_entityID_here</Include>
		</MetadataFilter>
</MetadataProvider>

This use appears adequately documented at 
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataFilter#NativeSPMetadataFilter-WhitelistMetadataFilter

David Bantz
U Alaska
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140515/b749e9f1/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://shibboleth.net/pipermail/users/attachments/20140515/b749e9f1/attachment-0001.bin 


More information about the users mailing list