...
...
Overview
The saml:RegistrationAuthority
type is a PolicyRule that returns true if the entity is registered by a particular registrar or one of a set of registrars. Matching occurs against the RegistrationAuthority
XML attribute value on the <mdrpi:RegistrationInfo>
element (if any).
Schema Name
The RegistrationAuthority
type is defined by the urn:mace:shibboleth:2.0:afp
schema, which is located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.
Prior to release 3.2.0 the saml:RegistrationAuthority
type type is defined by the urn:mace:shibboleth:2.0:afp:mf:saml
schema, which is located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd.
Use of that namespace is deprecated, but is supported.
Attributes
One attribute must be specified
registrars
: a required attribute that specifies a space-separated list of registrar IDs
Child Elements
None
Example
Code Block | ||
---|---|---|
| ||
<afp:PolicyRequirementRule<PolicyRequirementRule xsi:type="basic:AND"> <basic:Rule<Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatchEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/> <basic:Rule<Rule xsi:type="saml:RegistrationAuthority" registrars="http://my.federation.org"/> </afp:PolicyRequirementRule> |
Apply this rule if the SP is a REFEDS Research & Scholarship service registered by MyFederation with the given registrar ID.