Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
The PrincipalName
type describes a PolicyRule which returns true if the canonicalized principal used to identify the subject matches the supplied string. See AuthenticationConfiguration for a discussion of principal name canonicalization during authentication. When filtering data resolved for SAML AttributeQuery requests, the value is produced via NameIDConsumptionConfiguration.
|
Apply this rule if the principal is "hnelson":
<PolicyRequirementRule xsi:type="PrincipalName" value="hnelson" /> |