Versions Compared

Old Version 2

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version 3

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

The saml:NameIDFormatExactMatch type describes a PolicyRule which returns true if the SAML <SSODescriptor> associated with this request supports the configured NameID format

This type replaces the deprecated saml:AttributeRequesterNameIDFormatExactMatch type of V2

Schema Name

The saml:NameIDFormatExactMatch NameIDFormatExactMatch  type is defined by the urn:mace:shibboleth:2.0:afp schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.

Prior to release 3.2.0 the basic:AttributeRequesterRegex  type is defined by the urn:mace:shibboleth:2.0:afp:mf:saml basic schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-samlbasic.xsd.

Use of that namespace is deprecated, but is supported.

Attributes

One one, required attribute should be provided

NameTypeDefaultDescription
nameIdFormaturnrequiredThe NameID format to test against. Only exact matches against the <NameIDFormat> elements are made

Child Elements

None

Example

Code Block
languagexml
<afp:PolicyRequirementRule<PolicyRequirementRule xsi:type="saml:NameIDFormatExactMatch" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
This would match this metafata segment

 

Code Block
languagexml
<SPSSODescriptor protocolSupportEnumeration 
[...]
    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
[...]
<SPSSODescriptor>