Versions Compared

Old Version 7

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

The ProxiedRequesterRegex The RequesterRegex (basic:AttributeRequesterRegex prior to V3.2) is a PolicyRule which returns true if the current profile request includes a signal that a downstream system is the actual intended recipient of the information and that recipient's name if the entityID of the party requesting the attributes (usually the SP) matches the supplied Java regular expression. In SAML, this corresponds to an <AuthnRequest> carrying a <Scoping> element that includes a matching <RequesterID>.

Schema Name

The ProxiedRequesterRegexThe RequesterRegex  type is defined by defined in the urn:mace:shibboleth:2.0:afp schema, namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:AttributeRequesterRegex type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd.

Attributes

Only one attribute may be specified

  • regex : a required attribute which specifies the java regular expression to match against

...

Code Block
<PolicyRequirementRule xsi:type="ProxiedRequesterRegexRequesterRegex" regex="^https://downstreamsp.example.org/.*$" />
Apply this rule if a proxied SP's name begins the SP entityID starts with "https://downstreamsp.example.org/".