Overview
The RegistrationAuthority
type is a PolicyRule that returns true if the entity is registered by a particular registrar or one of a set of registrars. Matching occurs against the RegistrationAuthority
XML attribute value on the <mdrpi:RegistrationInfo>
element (if any).
...
The RegistrationAuthority
type is defined by defined in the urn:mace:shibboleth:2.0:afp
namespace, the schema , for which is located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.Prior to release 3.2.0 the
The deprecated saml:RegistrationAuthority
type is defined by defined in the urn:mace:shibboleth:2.0:afp:mf:saml
namespace, the schema , for which is located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd.
Use of that namespace is deprecated, but is supported.
Attributes
One attribute must be specified:
registrars
: a- A required attribute that specifies a space-separated list of registrar IDs
Child Elements
None
Example
Apply this rule if the SP is a REFEDS Research & Scholarship service registered by MyFederation with the given registrar ID:
Code Block | ||
---|---|---|
| ||
<PolicyRequirementRule xsi:type="AND"> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/> <Rule xsi:type="RegistrationAuthority" registrars="http://my.federation.org"/> </PolicyRequirementRule> |
...