Overview
The saml:NameIDFormatExactMatch
type describes a PolicyRule which returns true if the SAML <SSODescriptor>
associated with this request supports the configured NameID format
This type replaces the deprecated saml:AttributeRequesterNameIDFormatExactMatch
type of V2
Schema Name
The saml:NameIDFormatExactMatch
NameIDFormatExactMatch
type is defined by the urn:mace:shibboleth:2.0:afp
schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.
Prior to release 3.2.0 the basic:AttributeRequesterRegex
type is defined by the urn:mace:shibboleth:2.0:afp:mf:
saml basic
schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-samlbasic.xsd.
Use of that namespace is deprecated, but is supported.
Attributes
One one, required attribute should be provided
Name | Type | Default | Description |
---|---|---|---|
nameIdFormat | urn | required | The NameID format to test against. Only exact matches against the <NameIDFormat> elements are made |
Child Elements
None
Example
Code Block | ||
---|---|---|
| ||
<afp:PolicyRequirementRule<PolicyRequirementRule xsi:type="saml:NameIDFormatExactMatch" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" /> |
Code Block | ||
---|---|---|
| ||
<SPSSODescriptor protocolSupportEnumeration [...] <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> [...] <SPSSODescriptor> |