...
Supported Plugin Types
The following IdP policy and attribute rule function types are supported. Unless otherwise noted, the syntax should be assumed to be identical to the IdP version where applicable.
| Type | Additonal Notes |
|---|---|
ANY | |
AND | |
OR | |
NOT | |
Requester | |
Issuer | |
Value | |
Scope | |
RequesterRegex | |
IssuerRegex | |
ValueRegex | |
ScopeRegex | |
NumberOfAttributeValues | |
EntityAttributeExactMatch | Implemented, but unusable due to lack of metadata supplied for the requester (the SP) |
EntityAttributeRegexMatch | Implemented, but unusable due to lack of metadata supplied for the requester (the SP) |
IssuerEntityAttributeExactMatch | |
IssuerEntityAttributeRegexMatch | |
NameIDFormatExactMatch | Implemented, but unusable due to lack of metadata supplied for the requester (the SP) |
IssuerNameIDFormatExactMatch | Not yet supported by the IdP, but the syntax is identical to the requester variant above |
InEntityGroup | Implemented, but unusable due to lack of metadata supplied for the requester (the SP) |
IssuerInEntityGroup | |
RegistrationAuthority | Implemented, but unusable due to lack of metadata supplied for the requester (the SP) |
IssuerRegistrationAuthority | |
ScopeMatchesShibMDScope | |
ValueMatchesShibMDScope |
The following additional types are also supported:
NameIDQualifierString
Enforces the content of NameQualifier and SPNameQualifier attributes in decoded <NameID>-valued attributes. It supports the following XML attributes for configuration:
| Name | Type | Default | Description |
|---|---|---|---|
attributeID | String | If set, indirects the function evaluation through another attribute. | |
NameQualifier | String | Attribute issuer | Overrides the qualifier to require/check for |
SPNameQualifier | String | Attribute requester | Overrides the qualifier to require/check for |
Reference
Attributes
Aside from the type="XML" attribute itself, there is no other attribute content specific to this plugin type.
...