Versions Compared

Version Old Version 7 New Version Current
Changes made by

Rod Widdowson

Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

...

The ScopeRegex type matches attributes values against the supplied Pattern.

The ScopeRegex type can be a Matcher or a PolicyRequirement.

  • If no attributeID attribute is specified then it is a Matcher (returning the matching values present amongst the filtered attribute's values, and the empty set otherwise)

  • If an attributeID attribute is specified then it is a PolicyRule (returning true if a matching value is present amongst the values of the specified attribute).

Reference

Localtabgroupexpand
Localtab live
titleXML Attributes

Name

Type

Default

Description

attributeID 

attributeID 

String

If this is present, then this is a PolicyRule returning true if the corresponding attribute exists and contains a value that matches.
If this is not present, then this is a Matcher returning any value that matches, and the empty set otherwise.

regex

Pattern

The Java regular expression to match against

caseSensitive

boolean

true

Whether the comparison is case sensitive

Examples

Apply this rule if the attribute "EPSA" contains at least one scope value whose scope ends .edu:

Simple Profile Policy
Code Block
title
languagexmlSimple Profile Policy
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>

Add any scoped values of the attribute "uid" with scope ending ".edu" to its permitted values list:

Simple Matcher
Code Block
title
languagexmlSimple Matcher
<AttributeRule attributeID="uid">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" />
</AttributeRule>

Apply this rule if any attribute contains a scope value whose scope ends .edu:

Compound PolicyRule (deprecated)
Code Block
title
languagexmlCompound PolicyRule (deprecated)
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$"/>

If the attribute "epsa" contains any scoped which starts ends .edu then release all values of "email":

Compound Matcher (deprecated)
Code Block
languagexmltitleCompound Matcher (deprecated)
<AttributeRule attributeID="email">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>
</AttributeRule>

...