<!-- safeID metadata -->
    <!-- safeID -->
    <MetadataProvider
        id="safeid-metadata"
        xsi:type="FileBackedHTTPMetadataProvider"
        backingFile="%{idp.home}/metadata/metadata.safeid.sk.xml"
        metadataURL="https://metadata.safeid.sk/metadata/metadata.safeid.sk.xml"
        maxRefreshDelay="PT30M">
 
        <MetadataFilter
            xsi:type="SignatureValidation"
            requireSignedRoot="true"
            certificateFile="%{idp.home}/credentials/safeid-metadata-signing.pem" />
 
        <MetadataFilter
            xsi:type="RequiredValidUntil"
            maxValidityInterval="P30D" />
 
        <MetadataFilter
            xsi:type="Algorithm">
 
            <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <ConditionRef>shibboleth.Conditions.TRUE</ConditionRef>
        </MetadataFilter>
    </MetadataProvider>