Versions Compared

Old Version 7

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 8

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 6

Overview

The ProxiedRequesterRegex is The RequesterRegex (basic:AttributeRequesterRegex prior to 3.2.0) is a PolicyRule which returns true if the current profile request includes a signal that a downstream system is the actual intended recipient of the information and that recipient's name if the entityID of the party requesting the attributes (usually the SP) matches the supplied Java regular expression. In SAML, this corresponds to an <AuthnRequest> carrying a <Scoping> element that includes a matching <RequesterID>.

Schema Name

The ProxiedRequesterRegex 

Schema Name

The RequesterRegex  type is defined by the urn:mace:shibboleth:2.0:afp schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.

Prior to release 3.2.0 the basic:AttributeRequesterRegex  type is defined by the urn:mace:shibboleth:2.0:afp:mf:basic schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd.

Use of that namespace is deprecated, but is supported.

Attributes

Only one attribute may be specified

...

Code Block
<PolicyRequirementRule xsi:type="ProxiedRequesterRegexRequesterRegex" regex="^https://downstreamsp.example.org/.*$" />

 

Apply this rule if a proxied SP's name begins with "the SP edtityID started with https://downstreamsp.example.org/".