In V3.2.0, the need for multiple XML namespaces in the filter policy syntax was removed. With With the exception of some deprecated Matchers and Policy Rules, everything can now be expressed by the within the urn:mace:shibboleth:2.0:afp schemaafp namespace. Many Many of the Matchers and Policy Rules preserve the same body names (so, assuming the above namespace is the default in effect, xsi:type="basic:AND" becomes xsi:type="AND"), but some have been abbreviated.
The following table shows the appropriate mappingmappings. See AttributeFilterPolicyConfiguration for the documentation.
| Note |
|---|
The legacy types will be removed upon the release of V4.0. |
The table's middle column assumes that the default XML namespace in the file is urn:mace:shibboleth:2.0:afp namespace; if not, then an appropriate prefix (likely "afp") would have to be used.
| Legacy Type | Current Type | Notes |
|---|---|---|
basic:AND | AND | |
basic:ANY | ANY | |
basic:AttributeIssuerRegex | Deprecated function. The legacy type is still supported in V3, but will cause a warning to be issued. | |
basic:AttributeIssuerString | Deprecated function. The legacy type is still supported in V3, but will cause a warning to be issued. | |
basic:AttributeRequesterRegex | RequesterRegex | |
basic:AttributeRequesterString | Requester | |
basic:AttributeScopeRegex | ScopeRegex | |
basic:AttributeScopeString | Scope | |
basic:AttributeValueRegex | ValueRegex | |
basic:AttributeValueString | Value | |
basic:AuthenticationMethodRegex | AuthenticationMethodRegex | |
basic:AuthenticationMethodString | AuthenticationMethod | |
basic:NOT | NOT | |
basic:NumberOfAttributeValues | NumberOfAttributeValues | |
basic:OR | OR | |
basic:Predicate | Predicate | |
basic:PrincipalNameRegex | PrincipalNameRegex | |
basic:PrincipalNameString | PrincipalName | |
basic:Rule | Rule | |
basic:Script | Script | |
saml:AttributeInMetadata | AttributeInMetadata | |
saml:AttributeIssuerEntityAttributeExactMatch | Never supported in V3. Error issued. | |
saml:AttributeIssuerEntityAttributeRegexMatch | Never supported in V3. Error issued. | |
saml:AttributeIssuerInEntityGroup | Never supported in V3. Error issued. | |
saml:AttributeIssuerNameIDFormatExactMatch | Never supported in V3. Error issued. | |
saml:AttributeRequesterEntityAttributeExactMatchsaml:EntityAttributeExactMatch | EntityAttributeExactMatch | |
saml:AttributeRequesterEntityAttributeRegexMatchsaml:EntityAttributeRegexMatch | EntityAttributeRegexMatch | |
saml:AttributeRequesterInEntityGroupsaml:InEntityGroup | InEntityGroup | |
| NameIDFormatExactMatch | |
saml:MappedAttributeInMetadata | MappedAttributeInMetadata | |
saml:RegistrationAuthority | RegistrationAuthority |