Overview
The ValueRegex (basic:AttributeValueRegex prior to 3.2.0) type matches attributes values against the supplied Java Regular Expression
Confusingly, theValueRegex type can be a Matcher or a PolicyRequirement.
- If no
attributeIDattribute is specified then it is a Matcher (returning that value if it is present amongst the values, and the empty set otherwise) - If an
attributeIDattribute is specified then it is a PolicyRule (returning true if that that is present amongst the values for the specified attribute).
Schema Name
The ValueRegex type is defined by the urn:mace:shibboleth:2.0:afp schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.
Attributes
Two attributes may be specified
| Name | Type | Default | Description |
|---|---|---|---|
attributeID | String | none | If this is present then this is a PolicyRule returning true if the attribute of this ID contains a value with matches If this is not present then this is a Matcher returning any value that match, and the empty set otherwise |
| regex | Java RegExp | required | The regular expression to match against |
Child Elements12
None
Examples
Simple Profile Policy
<PolicyRequirementRule xsi:type="ValueRegex" regex="^hn.*$" attributeID="uid"/>
Apply this rule if the attribute "uid" contains at least one value which starts with "hn"
Simple Matcher
<AttributeRule attributeID="uid"> <PermitValueRule xsi:type="ValueRegex" regex="^hn.*$" /> </AttributeRule>
Add any values of the attribute "uid" with start "hn" to its permitted values list.
Compound PolicyRule (deprecated)
<PolicyRequirementRule xsi:type="ValueRegex" regex="^hn.*$"/>
Apply this rule if any attribute contains a value which starts with hn
Compound Matcher (deprecated)
<AttributeRule attributeID="email"> <PermitValueRule xsi:type="ValueRegex" regex="^hn.*$" attributeID="uid"/> </AttributeRule>
If the attribute "uid" contains any value which starts hn then release all values of "email" .