Overview
The ValueRegex (basic:AttributeValueRegex type prior to V3.2) type matches attributes values against the supplied Java Regular Expression.
Confusingly, the basic:AttributeValueRegextheValueRegex type can be a Matcher or a PolicyRequirement.
- If no
attributeID attribute is specified then it is a Matcher (returning that value if it is present amongst the values, and the empty set otherwise) - If an
attributeID attribute is specified then it is a PolicyRule (returning true if that that value is present amongst the values for the specified attribute).
Schema Name
The ValueRegex type is defined in the urn:mace:shibboleth:2.0:afp namespace, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
The deprecated basic:AttributeValueRegex type is defined by was defined in the urn:mace:shibboleth:shibboleth:2.0:afp:mf:basic namespace, the schema , for which can be located at found at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd.
Attributes
Two attributes may be specified:
| Name | Type | Default | Description |
|---|
attributeID | String | none | If this is present, then this is a PolicyRule returning true if the corresponding attribute |
of this ID | exists and contains a value |
with that matches.
If this is not present, then this is a Matcher returning any value that |
match| matches, and the empty set otherwise. |
regex |
Java RegExp| Pattern | required | The regular expression to match against |
Child
...
Elements
None
Examples
| Code Block |
|---|
| language | xml |
|---|
| title | Simple Profile Policy |
|---|
|
<afp:PolicyRequirementRule<PolicyRequirementRule xsi:type="basic:AttributeValueRegexValueRegex" regex="^hn.*$" attributeID="uid"/> |
...
| Code Block |
|---|
| language | xml |
|---|
| title | Simple Matcher |
|---|
|
<afp:AttributeRule<AttributeRule attributeID="uid">
<afp:PermitValueRule<PermitValueRule xsi:type="basic:AttributeValueRegexValueRegex" regex="^hn.*$" />
</afp:AttributeRule> |
Add any values of the attribute "uid" with start "hn" to its permitted values list.
| Code Block |
|---|
| language | xml |
|---|
| title | Compound PolicyRule (deprecated) |
|---|
|
<afp:PolicyRequirementRule<PolicyRequirementRule xsi:type="basic:AttributeValueRegexValueRegex" regex="^hn.*$"/> |
Apply this rule if any attribute contains a value which starts with hn
| Code Block |
|---|
| language | xml |
|---|
| title | Compound Matcher (deprecated) |
|---|
|
<afp:AttributeRule<AttributeRule attributeID="email">
<afp:PermitValueRule<PermitValueRule xsi:type="basic:AttributeValueRegexValueRegex" regex="^hn.*$" attributeID="uid"/>
</afp:AttributeRule> |
If the attribute "uid" contains any value which starts hn then release all values of "email" .