The Shibboleth IdP V4 software will leave support on September 1, 2024.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Overview

The IssuerEntityAttributeExactMatch type is a PolicyRule that returns true if the SAML metadata for the issuer contains <mdattr:EntityAttribute> extension data matching the supplied parameterization.

Specifying the attributeNameFormat attribute in the rule will constrain the rule to match only against the underlying XML representation of the extension data. Omitting it will permit the rule to match against the data mapped from the XML via the AttributeRegistryConfiguration, which can increase efficiency.

Schema Name

The IssuerEntityAttributeExactMatch type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Attributes

NameTypeRequired?Description
attributeName
StringY

The SAML Attribute Name to match against

attributeValue
StringYThe string value to match against
attributeNameFormat
String (URI)
The SAML Attribute NameFormat to test against (if not specified, then matching is solely based on the Name)

Child Elements

None

Example

<PolicyRequirementRule xsi:type="IssuerEntityAttributeExactMatch"
	attributeName="urn:mace:example.org:policy" attributeValue="urn:mace:example.org:policy:ABCD1234" />
The above policy would match the tags in the metadata below:


[...]
<Extensions>
    <mdattr:EntityAttributes>
        <saml:Attribute Name="urn:mace:example.org:policy">
            <saml:AttributeValue>urn:mace:example.org:policy:ABCD</saml:AttributeValue>
            <saml:AttributeValue>urn:mace:example.org:policy:ABCD1234</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:mace:example.org:entitlements"
				NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml:AttributeValue>urn:mace:example.org:entitlements:ABCD</saml:AttributeValue>
            <saml:AttributeValue>urn:mace:example.org:entitlements:1234</saml:AttributeValue>
        </saml:Attribute>
    </mdattr:EntityAttributes>
</Extensions>
[...]



  • No labels