Note |
---|
This feature requires V4.2 and above. |
Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
...
Note |
---|
Membership in a group is rarely an effective way of making policy decisions because hierarchies are inherently limiting and metadata sources tend not to align well to policy. In general, base your attribute release policy on the characteristics of entity metadata only: SP entityID, entity attributes, and registration info. Avoid policy based on the characteristics of the aggregate itself. If you do rely on groups, prefer the |
Reference
XML Attributes
Name | Type | Req? | Default | Description |
---|---|---|---|---|
groupID | String | Y | The | |
checkAffiliations | Boolean | false | Whether to check metadata for |
Example
Apply this rule if the entity for the SP is included in an <EntitiesDescriptor>
or <AffiliationDescriptor>
named urn:mace:example.org
...