Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Overview
The IssuerRegex (basic:AttributeIssuerRegex prior to V3.4) type is a PolicyRule which returns true if the entityID of the party issuing the attributes (usually the IdP itself) matches the supplied Java regular expression. It's not commonly needed but is of use Pattern.
The primary use case for this is proxying when filtering inbound attributes, or in "multi-homing" scenarios in which the IdP may be representing multiple sources of attributes itself under different names.
Reference
XML Attributes
Schema Name
The IssuerRegex type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
The deprecated basic:AttributeIssuerRegex type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd
Attributes
Only one attribute may be specified
...
Name | Type | Default | Description |
|---|---|---|---|
regex | Required, the Java regular expression to match against |
Child Elements
None
...
caseSensitive | boolean | true | Whether the comparison is case sensitive |
Example
Apply this rule if the IdP entityID starts with "https://idp.example.org/":
| Code Block |
|---|
<PolicyRequirementRule xsi:type="IssuerRegex" regex="^https://idp\.example\.org/.*$" /> |
...