Versions Compared

Old Version 6

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 7

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Table of Contents

Overview

The OR type is one of a very few filter plugin types which can function as a PolicyRule or a Matcher. It takes its behavior from its location. If it is defined within a <PolicyRequirementRule> (either directly or as a child of other logical operations), then it acts as a PolicyRule, otherwise it acts as a Matcher.

Reference

Localtabgroup
Localtab live
activetrue
titleXML Elements

At least one <Rule> element must be present (these are interpreted as either <PolicyRequirementRule> or <PermitValueRule>/<DenyValueRule> based on the context).

PolicyRule Semantics

When used as a PolicyRule, the result is the logical OR of the evaluation of the child rules.

...

The example means that the rule is applied if:

  • The principal is jsmith or

  • The SP is named https://sp.example.org or

  • The SP is named https://sp2.example.org

Code Block
languagexml
<PolicyRequirementRule xsi:type="OR">
   <Rule xsi:type="Requester" value="https://sp.example.org" />
   <Rule xsi:type="Requester" value="https://sp2.example.org" />
   <Rule xsi:type="PrincipalName" value="jsmith" />
</PolicyRequirementRule>

...