Versions Compared

Old Version 1

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 2

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Name (string)
    • Specifies the entityID or <md:EntitiesDescriptor>/@Name to match against. Matching is exact and case sensitive.

...

EntityAttributes EntityMatcher

Matches an IdP based on the presence of matching <saml:Attribute> elements inside a <md:EntityAttributes> extension in its metadata, or the metadata of its parent <md:EntitiesDescriptor> element(s). This plugin implements so-called "tag" matching, which is more flexible than a group-based approach that relies on hierarchical containment in a file.

The matching criteria for the plugin are expressed as a set of <saml:Attribute> elements (or a shorthand for specifiying a single attribute value to check for). Each element contains a set of values. All of the values specified must be found in an extension attribute in the metadata for a match to succeed, but a single such match is sufficient.

That is, the <saml:AttributeValue> elements within a <saml:Attribute> form an "AND" criterion, but separate <saml:Attribute> elements form an "OR" criterion.

Attributes

  • trimTags (boolean) (defaults to false)
    • When true, values found in the metadata are trimmed of leading or trailing whitespace before a direct comparison.
  • attributeName (string)
    • Specifies the Name of a <saml:Attribute> tag to match on. Used as a shorthand syntax when matching against a single tag and value.
  • attributeNameFormat (string)
    • Specifies the NameFormat of a <saml:Attribute> tag to match on. Used as a shorthand syntax when matching against a single tag and value. When absent, or set to the "unspecified" format, any NameFormat is considered a match if the Name matches the attributeName property.
  • attributeValue (string)
    • Specifies a <saml:AttributeValue> to match on. Used as a shorthand syntax when matching against a single tag and value.
  • attributeValueRegex (regular expression)
    • Specifies an expression to apply while searching <saml:AttributeValue> elements to match on. Used as a shorthand syntax when matching against a single tag and value.

Child Elements

  • <saml:Attribute> (one or more, unless shorthand syntax above is used)
    • Identifies a <saml:Attribute> tag to match on. Contains one or more <saml:AttributeValue> elements containing values or regular expressions to match with. To use a regular expression, add a regex="true" XML attribute to the <saml:AttributeValue> element.

...