[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-users
Subject: Re: Question re: SP config to consume metadata
From: David Bantz <dabantz () alaska ! edu>
Date: 2014-05-15 18:31:29
Message-ID: B1FE32D1-A451-4A9C-9AB6-F1F46D39C93E () gmx ! us
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[Attachment #4 (multipart/alternative)]
Closing the loop on this thread:
Tom’s Whitelist filter suggestion works (not surprisingly) to filter out the entities \
other than that listed, enabling the SP to consume/update my IdP metadata from signed \
InC metadata repository.
<MetadataProvider type=“XML”
uri="http://md.incommon.org/InCommon/InCommon-metadata.xml"
backingFilePath=“partner-metadata.xml”
reloadInterval="7200”>
<MetadataFilter type=“RequireValidUntil" maxValidityInterval="2419200”/>
<MetadataFilter type="Signature" certificate="incommon.pem”/>
<MetadataFilter type="Whitelist">
<Include>my_idp_entityID_here</Include>
</MetadataFilter>
</MetadataProvider>
This use appears adequately documented at
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataFilter#NativeSPMetadataFilter-WhitelistMetadataFilter
David Bantz
U Alaska
[Attachment #7 (unknown)]
<html><head><meta http-equiv="Content-Type" content="text/html \
charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: \
space; -webkit-line-break: after-white-space;">Closing the loop on this \
thread:<div><br></div><div>Tom’s Whitelist filter suggestion works (not surprisingly) \
to filter out the entities other than that listed,</div><div>enabling the SP to \
consume/update my IdP metadata from signed InC metadata \
repository. </div><div><br></div><div><br></div><div><div><MetadataProvider \
type=“XML” </div><div><span class="Apple-tab-span" \
style="white-space:pre"> </span>uri="<a \
href="http://md.incommon.org/InCommon/InCommon-metadata.xml">http://md.incommon.org/InCommon/InCommon-metadata.xml</a>"<br><span \
class="Apple-tab-span" \
style="white-space:pre"> </span>backingFilePath=“partner-metadata.xml”</div><div><span \
class="Apple-tab-span" \
style="white-space:pre"> </span>reloadInterval="7200”></div><div><span \
class="Apple-tab-span" style="white-space:pre"> </span><MetadataFilter \
type=“RequireValidUntil" maxValidityInterval="2419200”/></div><div><span \
class="Apple-tab-span" style="white-space:pre"> </span><MetadataFilter \
type="Signature" certificate="incommon.pem”/><br></div><div><span \
class="Apple-tab-span" style="white-space:pre"> </span><MetadataFilter \
type="Whitelist"><br><span class="Apple-tab-span" \
style="white-space:pre"> </span><Include>my_idp_entityID_here</Include></div><div><span \
class="Apple-tab-span" \
style="white-space:pre"> </span></MetadataFilter><br></div><div></MetadataProvider><br></div><div><br></div><div>This \
use appears adequately documented at </div><div><a \
href="https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataFilter#Nati \
veSPMetadataFilter-WhitelistMetadataFilter">https://wiki.shibboleth.net/confluence/dis \
play/SHIB2/NativeSPMetadataFilter#NativeSPMetadataFilter-WhitelistMetadataFilter</a></div><br>David \
Bantz</div><div>U Alaska</div></body></html>
["signature.asc" (signature.asc)]
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlN1CAEACgkQU016jx0ZXdUE+ACcChGxXtoAiaYPHLHi+iRSvSR4
6MYAni9dcbsynYdfjUgA/837c+QyhysY
=Bkua
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic