The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Current »

Overview

The PrincipalName (basic:PrincipalNameString prior to V3.2) type describes a PolicyRule which returns true if the canonicalized principal used to identify the user matches the supplied string. See AuthenticationConfiguration for a discussion of principal name canonicalization during authentication.

Schema Name

The PrincipalName type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:PrincipalName type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Attributes

Two attributes may be specified

  • value : a required attribute which specifies the string to match against
  • ignoreCase : an optional attribute (default false) which specifies whether the case is to be ignored.

Child Elements

None

Example

<PolicyRequirementRule xsi:type="PrincipalName" value="hnelson" />
Apply this rule if the principal is "hnelson".


  • No labels