In V3.2.0, the need for multiple XML namespaces in the filter policy syntax was removed. With the exception of some deprecated Matchers and Policy Rules, everything can now be expressed within the urn:mace:shibboleth:2.0:afp
namespace. Many of the Matchers and Policy Rules preserve the same names (so, assuming the above namespace is the default in effect, xsi:type="basic:AND"
becomes xsi:type="AND"
), but some have been abbreviated.
The following table shows the appropriate mappings. See AttributeFilterPolicyConfiguration for the documentation.
The legacy types will be removed upon the release of V4.0.
The table's middle column assumes that the default XML namespace in the file is urn:mace:shibboleth:2.0:afp
namespace; if not, then an appropriate prefix (likely "afp") would have to be used.
Legacy Type | Current Type | Notes |
---|---|---|
basic:AND | AND | |
basic:ANY | ANY | |
basic:AttributeIssuerRegex | Deprecated. The legacy type is still supported in V3, but will cause a warning to be issued. | |
basic:AttributeIssuerString | Deprecated. The legacy type is still supported in V3, but will cause a warning to be issued. | |
basic:AttributeRequesterRegex | RequesterRegex | |
basic:AttributeRequesterString | Requester | |
basic:AttributeScopeRegex | ScopeRegex | |
basic:AttributeScopeString | Scope | |
basic:AttributeValueRegex | ValueRegex | |
basic:AttributeValueString | Value | |
basic:AuthenticationMethodRegex | AuthenticationMethodRegex | |
basic:AuthenticationMethodString | AuthenticationMethod | |
basic:NOT | NOT | |
basic:NumberOfAttributeValues | NumberOfAttributeValues | |
basic:OR | OR | |
basic:Predicate | Predicate | |
basic:PrincipalNameRegex | PrincipalNameRegex | |
basic:PrincipalNameString | PrincipalName | |
basic:Rule | Rule | |
basic:Script | Script | |
saml:AttributeInMetadata | AttributeInMetadata | |
saml:AttributeIssuerEntityAttributeExactMatch | Never supported in V3. Error issued. | |
saml:AttributeIssuerEntityAttributeRegexMatch | Never supported in V3. Error issued. | |
saml:AttributeIssuerInEntityGroup | Never supported in V3. Error issued. | |
saml:AttributeIssuerNameIDFormatExactMatch | Never supported in V3. Error issued. | |
saml:AttributeRequesterEntityAttributeExactMatch saml:EntityAttributeExactMatch | EntityAttributeExactMatch | |
saml:AttributeRequesterEntityAttributeRegexMatch saml:EntityAttributeRegexMatch | EntityAttributeRegexMatch | |
saml:AttributeRequesterInEntityGroup saml:InEntityGroup | InEntityGroup | |
| NameIDFormatExactMatch | |
saml:MappedAttributeInMetadata | MappedAttributeInMetadata | |
saml:RegistrationAuthority | RegistrationAuthority |