The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Overview

The NameIDFormatExactMatch type describes a PolicyRule which returns true if the SAML <SSODescriptor> associated with this request supports the configured NameID format

This type replaces the deprecated saml:AttributeRequesterNameIDFormatExactMatch type of V2

Schema Name

The NameIDFormatExactMatch  type is defined by the urn:mace:shibboleth:2.0:afp schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.

Prior to release 3.2.0 the basic:AttributeRequesterRegex  type is defined by the urn:mace:shibboleth:2.0:afp:mf:basic schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd.

Use of that namespace is deprecated, but is supported.

Attributes

One one, required attribute should be provided

NameTypeDefaultDescription
nameIdFormaturnrequiredThe NameID format to test against. Only exact matches against the <NameIDFormat> elements are made

Child Elements

None

Example

<PolicyRequirementRule xsi:type="NameIDFormatExactMatch" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
This would match this metafata segment

 

<SPSSODescriptor protocolSupportEnumeration 
[...]
    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
[...]
<SPSSODescriptor>

 

 

  • No labels