Versions Compared

Old Version 7

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version 8

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

An <AttributeRule> defines a filter operation to be applied to the values of one specific attribute.

Each rule is either a permit rule, in which case the filtered values are added to the permit list, or a deny rule, in which case the filtered attributes are added to the deny list (see here).

Reference

Expand
titleXML Attributes

Name

Type

Description

attributeID

String

This required attributes specifies the IdPAttribute name (as defined by an <AttributeDefinition> plugin in the AttributeResolverConfiguration). Note, this is the internal name of the IdPAttribute "private" to the IdP and not anything to do with the name of a formalized SAML Attribute.

permitAny

Boolean

If this is present and set to "true", then there are no child elements allowed, and is shorthand for:

Code Block
<AttributeRule attributeID="...">
   <PermitValueRule xsi:type="ANY" />
</AttributeRule>
Expand
titleXML Elements

Name

Cardinality

Description

<PermitValueRule> or <DenyValueRule>

1

The permit or deny rule to apply to the specified attribute's values.