...
Note |
---|
Membership in a |
Schema
...
Type and Location
The InEntityGroup
type is defined in the urn:mace:shibboleth:2.0:afp
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
The deprecated saml:InEntityGroup
type is defined in the urn:mace:shibboleth:2.0:afp:mf:saml
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd
Reference
Attributes
...
One attribute must be specified:
...
Name | Type | Req? | Default | Description |
---|---|---|---|---|
groupID | String | Y | The<EntitiesDescriptor> Name to match against (or in V3.4 |
...
+, a matching <AffiliationDescriptor> ) | ||||
checkAffiliations 3.4 | Boolean | false | Whether to check metadata for <AffiliationDescriptor> -based matches |
Child Elements
None
Example
Apply this rule if the entity for the SP is included in an <EntitiesDescriptor>
or <AffiliationDescriptor>
named urn:mace:example.org
...