Overview
The NameIDFormatExactMatch
type describes a PolicyRule which returns true if the SAML <SSODescriptor>
associated with this request supports the configured NameID format
This type replaces the deprecated saml:AttributeRequesterNameIDFormatExactMatch
type of V2
Schema Name
The NameIDFormatExactMatch
type is defined by the urn:mace:shibboleth:2.0:afp
schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.
Prior to release 3.2.0 the basic:AttributeRequesterRegex
type is defined by the urn:mace:shibboleth:2.0:afp:mf:basic
schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd.
Use of that namespace is deprecated, but is supported.
Attributes
One one, required attribute should be provided
Name | Type | Default | Description |
---|---|---|---|
nameIdFormat | urn | required | The NameID format to test against. Only exact matches against the <NameIDFormat> elements are made |
Child Elements
None
Example
<PolicyRequirementRule xsi:type="NameIDFormatExactMatch" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
<SPSSODescriptor protocolSupportEnumeration [...] <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> [...] <SPSSODescriptor>