Versions Compared

Old Version 3

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

The NameIDFormatExactMatch NameIDFormatExactMatch type describes is a PolicyRule which returns true if the SAML <SSODescriptor> associated with this request supports the configured NameID format

This type replaces the deprecated saml:AttributeRequesterNameIDFormatExactMatch type of V2

metadata for a requester indicates support for the configured <NameID> format.

Schema Name

The NameIDFormatExactMatch  type is defined by defined in the urn:mace:shibboleth:2.0:afp schema, afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.Prior to release 3.2.0 the 

The deprecated basic:AttributeRequesterRegex  type is defined by defined in the urn:mace:shibboleth:2.0:afp:mf:basic  namespace, the schema , for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd.Use of that namespace is deprecated, but is supported.

Attributes

...

NameType
Default
Required?Description
nameIdFormat
urn
URI
required
YThe
NameID
format to
test against
check for. Only exact matches against the
<NameIDFormat>
<md:NameIDFormat> elements are made.

Child Elements

None

Example

Code Block
languagexml
<PolicyRequirementRule xsi:type="NameIDFormatExactMatch"
	nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
This would match this metafata segment the following metadata extract:
Code Block
languagexml
<SPSSODescriptor protocolSupportEnumeration protocolSupportEnumeration="...">
[...]
    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
[...]
<SPSSODescriptor>