Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Overview
The IssuerEntityAttributeExactMatch
type is a PolicyRule that returns true if the SAML metadata for the issuer contains <mdattr:EntityAttribute>
extension data matching the supplied parameterization.
Specifying the attributeNameFormat
attribute in the rule will constrain the rule to match only against the underlying XML representation of the extension data. Omitting it will permit the rule to match against the data mapped from the XML via the AttributeRegistryConfiguration, which can increase efficiency.
Schema Name
The IssuerEntityAttributeExactMatch
type is defined in the urn:mace:shibboleth:2.0:afp
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Reference
Attributes
Name | Type | Required? | Default | Description |
---|---|---|---|---|
attributeName | String | Y | The SAML Attribute | |
attributeValue | String | Y | The string value to match against | |
attributeNameFormat | URI | The SAML Attribute NameFormat to test against (if not specified, then matching is solely based on the Name ) | ||
ignoreUnmappedEntityAttributes | Boolean | false | When true, this constrains the rule to ignore the underlying XML and match solely against the data mapped via the AttributeRegistryConfiguration |
Child Elements
None
Example
The above policy would match the tags in the metadata below:
Code Block | ||
---|---|---|
| ||
<PolicyRequirementRule xsi:type="IssuerEntityAttributeExactMatch" attributeName="urn:mace:example.org:policy" attributeValue="urn:mace:example.org:policy:ABCD1234" /> |
...
Code Block | ||
---|---|---|
| ||
[...] <Extensions><md:Extensions> <mdattr:EntityAttributes> <saml:Attribute Name="urn:mace:example.org:policy"> <saml:AttributeValue>urn:mace:example.org:policy:ABCD</saml:AttributeValue> <saml:AttributeValue>urn:mace:example.org:policy:ABCD1234</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="urn:mace:example.org:entitlements" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue>urn:mace:example.org:entitlements:ABCD</saml:AttributeValue> <saml:AttributeValue>urn:mace:example.org:entitlements:1234</saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes> </md:Extensions> [...] |