Comment: regular expression has to match the whole string

...

  1. Create a Rule element
  2. Optionally create a Description element, child of the Rule element, whose content is a description of this rule.
  3. Create a Target element, child of the Rule element whose content.
  4. If you want the rule to apply to any service provider, create an AnyTarget element, child of the Target element.
  5. If you want the rule to apply to specific service provider(s), create a Requester element with the following attribute and whose content is the string to match:
    • matchFunction - contains the URI identifier of the function used to evaluate if the content of the Requester element matches the service provider entity ID requesting attributes
  6. Create an Attribute element, child of the Rule element, with the following attribute:
    • name - the name of the attribute this rule applies to; this must match the value of the id attribute on the attribute's definition in the resolver.xml configuration file
  7. If you want all attribute values to be released to the service providers this rule applies to, create an AnyValue element, child of the Attribute element
  8. If you want to restrict the values released to the service providers this rule applies to, create a Value element, child of the Attribute element, with the following attributes and whose content is the string to match:
    • matchFunction - contains the URI identifier of the function used to evaluate if the content of the Value element matches the possible value(s) of the attribute
    • release - whether to permit the release of the attribute values that match this rule or deny them; permissible values are "permit" and "deny"

...

<Rule>
	<Description>Non-administrative groups released to Brown</Description>
	<Target>
		<Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">
			.*brown\.brown\.edu.*
		</Requester>
	</Target>

	<Attribute name="memberOf">
		<Value release="deny" matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">
			^urn:mace:example.org:group:admin:.*
		</Value>
	</Attribute>
</Rule>
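
The following added example (not part of the original page and not Shibboleth code) checks a rule of this shape under whole-string matching, which is what the change comment says regexMatch requires. Python's re.fullmatch stands in for that behaviour; the Requester pattern, entity IDs and group values are constructed, and trimming whitespace around the element content is an assumption.

```python
import re
import xml.etree.ElementTree as ET

REGEX_MATCH = "urn:mace:shibboleth:arp:matchFunction:regexMatch"

# Constructed rule: the Value pattern is the one shown above,
# the Requester pattern is a sample for a single hypothetical SP.
RULE_XML = r"""<Rule>
  <Target>
    <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">
      https://sp\.example\.edu/.*
    </Requester>
  </Target>
  <Attribute name="memberOf">
    <Value release="deny" matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">
      ^urn:mace:example.org:group:admin:.*
    </Value>
  </Attribute>
</Rule>"""

# Constructed memberOf values.
SAMPLE_VALUES = [
    "urn:mace:example.org:group:admin:dba",
    "urn:mace:example.org:group:staff",
    "urn:mace:exampleXorg:group:admin:ops",  # hit because '.' in the pattern is unescaped
]

def whole_match(pattern, candidate):
    """Whole-string regex match; element text is trimmed first (assumption)."""
    return re.fullmatch(pattern.strip(), candidate) is not None

def substring_only(pattern, candidate):
    """True when the pattern occurs inside candidate but does not cover all of it."""
    return re.search(pattern.strip(), candidate) is not None and not whole_match(pattern, candidate)

def evaluate(rule_xml, requester, values):
    """Return (rule_applies, values_hit_by_deny) for one Rule element."""
    target = ET.fromstring(rule_xml).find("Target")
    applies = target.find("AnyTarget") is not None or any(
        whole_match(r.text, requester)
        for r in target.findall("Requester")
        if r.get("matchFunction") == REGEX_MATCH
    )
    denied = []
    if applies:
        for v in ET.fromstring(rule_xml).iter("Value"):
            if v.get("release") == "deny" and v.get("matchFunction") == REGEX_MATCH:
                denied += [x for x in values if whole_match(v.text, x)]
    return applies, denied
```

Dropping the trailing `.*` from the Value pattern makes it a substring-only match, so under whole-string matching the deny would no longer hit any admin group value.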

...