Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Overview
The ScopeRegex type matches attribute values against the supplied Java Regular Expression.
Confusingly, the ScopeRegex type can be a Matcher or a PolicyRequirement.
- If no attributeID attribute is specified then it is a Matcher (returning any value that matches if one is present amongst the values, and the empty set otherwise).
- If an attributeID attribute is specified then it is a PolicyRule (returning true if a matching value is present amongst the values for the specified attribute).
Reference
Attributes
Three attributes may be specified:
Name | Type | Default | Description |
---|---|---|---|
attributeID | String | none | If this is present, then this is a PolicyRule returning true if the corresponding attribute exists and contains a value that matches. If this is not present, then this is a Matcher returning any value that matches, and the empty set otherwise. |
regex | Pattern | required | The regular expression to match against |
caseSensitive | boolean | true | Whether the comparison is case sensitive. |
Child Elements
None
Examples
Apply this rule if the attribute "EPSA" contains at least one scope value whose scope ends .edu:
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>
Add any scoped values of the attribute "uid" with scope ending ".edu" to its permitted values list:
<AttributeRule attributeID="uid">
    <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" />
</AttributeRule>
Apply this rule if any attribute contains a scope value whose scope ends .edu:
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$"/>
If the attribute "EPSA" contains any scoped value whose scope ends .edu then release all values of "email":
<AttributeRule attributeID="email">
    <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>
</AttributeRule>
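The Matcher and PolicyRule behaviours described above, as an added Java illustration that is not part of the Shibboleth documentation or code base. It assumes scoped values are modelled as `value@scope` strings and that the regex must match the whole scope; the class, method names and sample data are hypothetical.

```java
import java.util.*;
import java.util.regex.Pattern;

public class ScopeRegexDemo {
    // Scope of a scoped value modelled as "value@scope"; null if there is no scope.
    static String scopeOf(String v) {
        int at = v.lastIndexOf('@');
        return at < 0 ? null : v.substring(at + 1);
    }

    // Mirrors the caseSensitive attribute (default true on the page).
    static Pattern compile(String regex, boolean caseSensitive) {
        return Pattern.compile(regex, caseSensitive ? 0 : Pattern.CASE_INSENSITIVE);
    }

    // Matcher behaviour (no attributeID): the values whose scope matches, else the empty set.
    static Set<String> matcher(Collection<String> values, Pattern p) {
        Set<String> out = new LinkedHashSet<>();
        for (String v : values) {
            String s = scopeOf(v);
            // Assumption: whole-scope match. The page's patterns are anchored with ^ and $,
            // so matches() and find() agree for them.
            if (s != null && p.matcher(s).matches()) out.add(v);
        }
        return out;
    }

    // PolicyRule behaviour (attributeID given): true if that attribute has a matching value.
    static boolean policyRule(Map<String, List<String>> attrs, String attributeID, Pattern p) {
        return !matcher(attrs.getOrDefault(attributeID, List.of()), p).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample data; the scopes are made up for illustration.
        Map<String, List<String>> attrs = Map.of(
            "EPSA", List.of("staff@example.edu", "member@EXAMPLE.EDU", "member@campus-edu"),
            "uid", List.of("jdoe@example.org"));
        Pattern strict = compile("^.*\\.edu$", true);
        System.out.println("Matcher on EPSA:     " + matcher(attrs.get("EPSA"), strict));
        System.out.println("PolicyRule on EPSA:  " + policyRule(attrs, "EPSA", strict));
        System.out.println("PolicyRule on uid:   " + policyRule(attrs, "uid", strict));
        // caseSensitive="false" additionally admits the upper-case scope.
        System.out.println("Case-insensitive:    " + matcher(attrs.get("EPSA"), compile("^.*\\.edu$", false)));
        // Unescaped dot: "." matches any character, so the scope "campus-edu" is admitted too.
        System.out.println("Unescaped dot regex: " + matcher(attrs.get("EPSA"), compile("^.*.edu$", true)));
    }
}
```

The last line of output shows why the dot in the page's regex is escaped: without the backslash, a scope that merely ends in "edu" after any character is accepted.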