The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Current »

In V3.2.0, the need for multiple XML namespaces in the filter policy syntax was removed. With the exception of some deprecated Matchers and Policy Rules, everything can now be expressed within the urn:mace:shibboleth:2.0:afp namespace. Many of the Matchers and Policy Rules preserve the same names (so, assuming the above namespace is the default in effect, xsi:type="basic:AND" becomes xsi:type="AND"), but some have been abbreviated.

The following table shows the appropriate mappings. See AttributeFilterPolicyConfiguration for the documentation.

The legacy types will be removed upon the release of V4.0.

The table's middle column assumes that the default XML namespace in the file is urn:mace:shibboleth:2.0:afp namespace; if not, then an appropriate prefix (likely "afp") would have to be used.

Legacy TypeCurrent TypeNotes
basic:ANDAND
basic:ANYANY
basic:AttributeIssuerRegex
Deprecated. The legacy type is still supported in V3, but will cause a warning to be issued.
basic:AttributeIssuerString
Deprecated. The legacy type is still supported in V3, but will cause a warning to be issued.
basic:AttributeRequesterRegexRequesterRegex
basic:AttributeRequesterStringRequester
basic:AttributeScopeRegexScopeRegex
basic:AttributeScopeStringScope
basic:AttributeValueRegexValueRegex
basic:AttributeValueStringValue
basic:AuthenticationMethodRegexAuthenticationMethodRegex


basic:AuthenticationMethodStringAuthenticationMethod
basic:NOTNOT
basic:NumberOfAttributeValuesNumberOfAttributeValues
basic:OROR
basic:PredicatePredicate
basic:PrincipalNameRegexPrincipalNameRegex
basic:PrincipalNameStringPrincipalName
basic:RuleRule
basic:ScriptScript
saml:AttributeInMetadataAttributeInMetadata
saml:AttributeIssuerEntityAttributeExactMatch
Never supported in V3. Error issued.
saml:AttributeIssuerEntityAttributeRegexMatch
Never supported in V3. Error issued.
saml:AttributeIssuerInEntityGroup
Never supported in V3. Error issued.
saml:AttributeIssuerNameIDFormatExactMatch
Never supported in V3. Error issued.
saml:AttributeRequesterEntityAttributeExactMatch
saml:EntityAttributeExactMatch		EntityAttributeExactMatch
saml:AttributeRequesterEntityAttributeRegexMatch
saml:EntityAttributeRegexMatch		EntityAttributeRegexMatch
saml:AttributeRequesterInEntityGroup
saml:InEntityGroup 		InEntityGroup 

saml:AttributeRequesterNameIDFormatExactMatch
saml:NameIDFormatExactMatch

NameIDFormatExactMatch
saml:MappedAttributeInMetadataMappedAttributeInMetadata
saml:RegistrationAuthorityRegistrationAuthority
  • No labels