Versions Compared

Old Version 6

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version 7

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

The RequesterRegex (basic:AttributeRequesterRegex prior to 3.2.0) is The ProxiedRequesterRegex is a PolicyRule which returns true if the entityID of the party requesting the attributes (usually the SP) if the current profile request includes a signal that a downstream system is the actual intended recipient of the information and that recipient's name matches the supplied Java regular expression. In SAML, this corresponds to an <AuthnRequest> carrying a <Scoping> element that includes a matching <RequesterID>.

Schema Name

The RequesterRegexThe ProxiedRequesterRegex  type is defined by the urn:mace:shibboleth:2.0:afp schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.

Prior to release 3.2.0 the basic:AttributeRequesterRegex  type is defined by the urn:mace:shibboleth:2.0:afp:mf:basic schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd.

Use of that namespace is deprecated, but is supported.

Attributes

Only one attribute may be specified

...

Code Block
<PolicyRequirementRule xsi:type="RequesterRegexProxiedRequesterRegex" regex="^https://spdownstream.example.org/.*$" />

...

Apply this rule if the SP edtityID started with a proxied SP's name begins with "https://spdownstream.example.org/".