...
The InEntityGroup type is a PolicyRule that returns true if the Name of any <EntitiesDescriptor> surrounding the metadata of the requester matches the supplied parameter. This replaces the (deprecated) saml:AttributeRequesterInEntityGroup type from V2. As of V3.4, this is extended to include a matching <AffiliationDescriptor> membership.
Note |
---|
Membership in a |
Schema Name
The InEntityGroup type is defined by the urn:mace:shibboleth:2.0:afp schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.
...
groupID: a required attribute that specifies the <EntitiesDescriptor> Name to match against (or, in V3.4 and up, a matching <AffiliationDescriptor>)
Child Elements
None
Example
```xml
<PolicyRequirementRule xsi:type="InEntityGroup" groupID="urn:example.org"/>
```
...
<EntitiesDescriptor> with Name "urn:example.org".
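An added example, not Shibboleth's own code: a Python sketch of the <EntitiesDescriptor> matching described on this page, useful for auditing which entities a given groupID would cover, including those in nested groups. The metadata, entityIDs and function names are constructed for illustration, exact string comparison of the Name is an assumption, and the V3.4 <AffiliationDescriptor> case is not modeled.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample metadata (not from a real federation).
SAMPLE_METADATA = """\
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntitiesDescriptor Name="urn:example.org">
    <EntityDescriptor entityID="https://sp1.example.org/shibboleth"/>
    <EntitiesDescriptor Name="urn:example.org:research">
      <EntityDescriptor entityID="https://sp2.example.org/shibboleth"/>
    </EntitiesDescriptor>
  </EntitiesDescriptor>
  <EntitiesDescriptor Name="urn:example.net">
    <EntityDescriptor entityID="https://sp3.example.net/shibboleth"/>
  </EntitiesDescriptor>
</EntitiesDescriptor>
"""


def surrounding_groups(metadata_xml):
    """Map each entityID to the Names of every <EntitiesDescriptor> enclosing it."""
    result = {}

    def walk(node, names):
        if node.tag == MD + "EntitiesDescriptor":
            name = node.get("Name")  # Name is optional in SAML metadata
            if name:
                names = names | {name}
            for child in node:
                walk(child, names)
        elif node.tag == MD + "EntityDescriptor":
            result[node.get("entityID")] = names

    walk(ET.fromstring(metadata_xml), frozenset())
    return result


def in_entity_group(metadata_xml, requester_entity_id, group_id):
    """True if any enclosing group Name equals group_id (assumed exact match)."""
    groups = surrounding_groups(metadata_xml)
    return group_id in groups.get(requester_entity_id, frozenset())


def entities_matched(metadata_xml, group_id):
    """List every entityID a rule with this groupID would apply to."""
    groups = surrounding_groups(metadata_xml)
    return sorted(eid for eid, names in groups.items() if group_id in names)
```

Running entities_matched against the groupID of each release rule shows the full set of requesters the rule reaches; an entity in a nested group matches the outer group's Name as well as its own.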