This plugin is deprecated and will be removed in V4.0 due to the inability to accurately represent authentication in the IdP as a single string value. It may be replaced with a differently-named plugin with more advanced capabilities, or one may use scripting to interrogate the full authentication state of the subject.
Overview
The deprecated AuthenticationMethod
(basic:AuthenticationMethodString
prior to V3.2) is a PolicyRule which returns true if the authentication method used to authenticate the user matches the supplied string.
Schema Name
The deprecated AuthenticationMethod
type is defined in the urn:mace:shibboleth:2.0:afp
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
The deprecated basic:AuthenticationMethodString
type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd
Attributes
Two attributes may be specified:
value
: a required attributes which specifies the string to match againstignoreCase
: an optional attribute (default false) which specifies whether the case is to be ignored.
Child Elements
None
Example
<PolicyRequirementRule xsi:type="AuthenticationMethod" value="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
mechanism.