Versions Compared

Version Old Version 4 New Version Current
Changes made by

Rod Widdowson

Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The ScopeRegex type matches attributes values against the supplied Java Regular ExpressionPattern.

Confusingly, the The ScopeRegex type can be a Matcher or a PolicyRequirement.

  • If no attributeID attribute is specified then it is a Matcher (returning

    that value if it is

    the matching values present amongst the filtered attribute's values, and the empty set otherwise)

  • If an attributeID attribute is specified then it is a PolicyRule (returning true if

    that that

    a matching value is present amongst the values

    for

    of the specified attribute).

Schema Name

The ScopeRegex type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Attributes

...

Reference

Expand
titleXML Attributes

Name

Type

Default

Description

...

attributeID 

String

...

If this is present, then this is a PolicyRule returning true if the corresponding attribute exists and contains a value that matches.
If this is not present, then this is a Matcher returning any value that matches, and the empty set otherwise.

regex

Pattern

...

The Java regular expression to match against

caseSensitive

boolean

true

Whether the comparison is case sensitive

...

Child Elements

None

ExamplesExamples

Apply this rule if the attribute "EPSA" contains at least one scope value whose scope ends .edu:

Simple Profile Policy
Code Block
languagexml
titleSimple Profile Policy
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>

Apply this rule if Add any scoped values of the attribute "EPSA" contains at least one scope value whose scope ends .edu.uid" with scope ending ".edu" to its permitted values list:

Simple Matcher
Code Block
languagexmltitleSimple Matcher
<AttributeRule attributeID="uid">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" />
</AttributeRule>

Add any scoped values of the attribute "uid" with scope ending ".edu" to its permitted values list.Apply this rule if any attribute contains a scope value whose scope ends .edu:

Compound PolicyRule (deprecated)
Code Block
languagexmltitleCompound PolicyRule (deprecated)
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$"/>

Apply this rule if any attribute contains a scope value whose scope ends .edu

If the attribute "epsa" contains any scoped which starts ends .edu then release all values of "email":

Compound Matcher (deprecated)
Code Block
languagexml
titleCompound Matcher (deprecated)
<AttributeRule attributeID="email">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>
</AttributeRule>

...