...
Enforces the content of NameQualifier
and SPNameQualifier
attributes in decoded <NameID>
-valued attributes. It supports the following XML attributes for configuration:
Name | Type | Default | Description |
---|---|---|---|
attributeID | String | If set, indirects the function evaluation through another attribute. | |
NameQualifier | String | Attribute issuer | Overrides the qualifier to require/check for |
SPNameQualifier | String | Attribute requester | Overrides the qualifier to require/check for |
Rule Referencing
One feature maintained in the SP that was not supported by the IdP is rule referencing. The <afp:PolicyRequirementRule>
, <afp:PermitValueRule>
, and <afp:DenyValueRule>
elements can appear alone, with an id
attribute. In turn, anywhere these elements would be used within an <afp:AttributeFilterPolicy>
or <afp:AttributeRule>
, the previously defined rules can be referenced via <afp:PolicyRequirementRuleReference>
, <afp:PermitValueRuleReference>
, <afp:DenyValueRuleReference>
, and <afp:RuleReference>
elements.
The default policy distributed with the software includes an example of this approach.
Reference
Attributes
Aside from the type="XML"
attribute itself, there is no other attribute content specific to this plugin type.
...