...
| Code Block |
|---|
<!-- Central CCC distribution of metadata -->
<MetadataProvider id="CCC_Central_Metadata"
xsi:type="FileBackedHTTPMetadataProvider"
backingFile="%{idp.home}/metadata/ccc-central-metadata.xml"
metadataURL=" http://saml.ccctcportalcccmypath.org/metadata/ccc-metadata.xml">
<MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="PT0S"/>
<MetadataFilter xsi:type="SignatureValidation"
requireSignedRoot="true" certificateFile="${idp.home}/credentials/ccctc-md-cert.pem"/>
<MetadataFilter xsi:type="EntityRoleWhiteList">
<RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter>
</MetadataProvider> |
...
As you can tell from the above, the CCC Central Metadata feed is available at: http://saml.ccctcportalcccmypath.org/metadata/ccc-metadata.xml. Note that part of the above configuration is verifying the "signature" on that metadata file and to do that you must create a new file in your IdP's credentials/ directory named 'credentials/ccctc-md-cert.pem' with the following content:
...