Overview
The IssuerRegex
(basic:AttributeIssuerRegex
prior to V3.4) is is a PolicyRule which returns true if the entityID of the party issuing the attributes (usually the IdP itself) matches the supplied Java regular expression. It's not commonly needed but is of use in "multi-homing" scenarios in which the IdP may be representing multiple sources of attributes.
...
The deprecated basic:AttributeIssuerRegex
type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd
...
Attributes
Only one attribute may be specified
...
Code Block |
---|
<PolicyRequirementRule xsi:type="IssuerRegex" regex="^https://idp\.example\.org/.*$" /> |
Apply this rule if the IdP entityID started with starts with "https://idp.example.org/".