| Rule Type | PolicyRule or Matcher | Function |
| --- | --- | --- |
| ANY | PolicyRule, Matcher | Logically TRUE (as PolicyRule); Set Unity (as Matcher) |
| AND | PolicyRule, Matcher | Logical AND (as PolicyRule); Set Intersection (as Matcher) |
| OR | PolicyRule, Matcher | Logical OR (as PolicyRule); Set Union (as Matcher) |
| NOT | PolicyRule, Matcher | Logical NOT (as PolicyRule); Set Inversion (as Matcher) |
| Predicate | PolicyRule | Call an externally-defined predicate |
| Requester | PolicyRule | Compare the attribute recipient's name (typically an SP's entityID) to a string |
| ProxiedRequester 3.4 | PolicyRule | Compare a proxied attribute recipient's name (typically an SP's entityID) to a string |
| Issuer 3.4 | PolicyRule | Compare the attribute issuer's name (typically the IdP's entityID) to a string |
| PrincipalName | PolicyRule | Compare the principal name to a string |
| AuthenticationMethod | PolicyRule | Compare the authentication method to a string |
| Value | Matcher, or PolicyRule if attributeID specified | Compare attribute values to a string |
| Scope | Matcher, or PolicyRule if attributeID specified | Compare the scope of a Scoped attribute value to a string |
| RequesterRegex | PolicyRule | Match the attribute recipient's name (typically an SP's entityID) to a regular expression |
| ProxiedRequesterRegex 3.4 | PolicyRule | Match a proxied attribute recipient's name (typically an SP's entityID) to a regular expression |
| IssuerRegex 3.4 | PolicyRule | Match the attribute issuer's name (typically the IdP's entityID) to a regular expression |
| PrincipalNameRegex | PolicyRule | Match the principal name to a regular expression |
| AuthenticationMethodRegex | PolicyRule | Match the authentication method to a regular expression |
| ValueRegex | Matcher, or PolicyRule if attributeID specified | Match attribute values to a regular expression |
| ScopeRegex | Matcher, or PolicyRule if attributeID specified | Match the scopes of scoped attribute values to a regular expression |
| Script | Both | Use a Java scripting language to implement a custom PolicyRule or Matcher |
| NumberOfAttributeValues | PolicyRule | Count the number of values for the specified Attribute |
| EntityAttributeExactMatch | PolicyRule | Exact match against <mdattr:EntityAttributes> extension attributes ("tags") found in an attribute recipient's SAML metadata |
| EntityAttributeRegexMatch | PolicyRule | Regular expression match against <mdattr:EntityAttributes> extension attributes ("tags") found in an attribute recipient's SAML metadata |
| NameIDFormatExactMatch | PolicyRule | Compare against <NameIDFormat> elements inside the attribute recipient's SAML metadata |
| InEntityGroup | PolicyRule | Check the attribute recipient's SAML metadata for a matching <EntitiesDescriptor> |
| AttributeScopeMatchesShibMDScope, AttributeValueMatchesShibMDScope, AttributeIssuerRegistrationAuthority | | Not implemented |
| RegistrationAuthority | PolicyRule | Match against the <rpi:RegistrationInfo> extension in an attribute recipient's SAML metadata |
| AttributeInMetadata | Matcher | Match attribute values against <RequestedAttribute> elements associated with an <AttributeConsumingService> in an attribute recipient's SAML metadata, using just in time conversion |
| MappedAttributeInMetadata | Matcher | Match attribute values against <RequestedAttribute> elements associated with an <AttributeConsumingService> in an attribute recipient's SAML metadata, after having applied an attribute decoding/mapping translation from SAML into internal IdPAttribute form |