Overview
The ValueRegex (basic:AttributeValueRegex type prior to 3.2.0) type matches attributes values against the supplied Java Regular Expression
Confusingly, the basic:AttributeValueRegextheValueRegex type can be a Matcher or a PolicyRequirement.
- If no
attributeIDattribute is specified then it is a Matcher (returning that value if it is present amongst the values, and the empty set otherwise) - If an
attributeIDattribute is specified then it is a PolicyRule (returning true if that that is present amongst the values for the specified attribute).
Schema Name
The basic:AttributeValueRegexValueRegex type is defined by the urn:mace:shibboleth:2.0:afp:mf:basic schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd.
Attributes
Two attributes may be specified
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<afp:PolicyRequirementRule<PolicyRequirementRule xsi:type="basic:AttributeValueRegexValueRegex" regex="^hn.*$" attributeID="uid"/> |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<afp:AttributeRule<AttributeRule attributeID="uid"> <afp:PermitValueRule<PermitValueRule xsi:type="basic:AttributeValueRegexValueRegex" regex="^hn.*$" /> </afp:AttributeRule> |
Add any values of the attribute "uid" with start "hn" to its permitted values list.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<afp:PolicyRequirementRule<PolicyRequirementRule xsi:type="basic:AttributeValueRegexValueRegex" regex="^hn.*$"/> |
Apply this rule if any attribute contains a value which starts with hn
| Code Block | ||||
|---|---|---|---|---|
| ||||
<afp:AttributeRule<AttributeRule attributeID="email"> <afp:PermitValueRule<PermitValueRule xsi:type="basic:AttributeValueRegexValueRegex" regex="^hn.*$" attributeID="uid"/> </afp:AttributeRule> |
If the attribute "uid" contains any value which starts hn then release all values of "email" .