...
Specifying the attributeNameFormat attribute in the rule will constrain the rule to match only against the underlying XML representation of the extension data. Omitting it will permit the rule to match against the data mapped from the XML via the AttributeRegistryConfiguration, which increases efficiency.
Reference
| Localtabgroup |
|---|
localtab-live| Expand |
|---|
|
Name | Type | Required? | Default | Description |
|---|
attributeName | String | Y | | The SAML AttributeĀ Name to match against | attributeValueRegex | Pattern | Y | | The regular expression to match against | attributeNameFormat | URI |
| | The SAML Attribute NameFormat to test against (if not specified, then matching is solely based on theĀ Name) | ignoreUnmappedEntityAttributes | Boolean |
| false | When true, this constrains the rule to ignore the underlying XML and match solely against the data mapped via the AttributeRegistryConfiguration |
|
Example
The above policy would match the tags in the metadata below:
| Code Block |
|---|
|
<PolicyRequirementRule xsi:type="IssuerEntityAttributeRegexMatch"
attributeName="urn:example.org:policy" attributeValueRegex="^urn:mace:example\.org.*$" /> |
| Code Block |
|---|
|
[...]
<md:Extensions>
<mdattr:EntityAttributes>
<saml:Attribute Name="urn:mace:example.org:policy">
<saml:AttributeValue>urn:mace:example.org:policy:ABCD</saml:AttributeValue>
<saml:AttributeValue>urn:mace:example.org:policy:1234</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:mace:example.org:entitlements"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>urn:mace:example.org:entitlements:ABCD</saml:AttributeValue>
<saml:AttributeValue>urn:mace:example.org:entitlements:1234</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
[...] |