Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
The PrincipalNameRegex
type describes a PolicyRule which returns true if the canonicalized principal used to identify the user matches matches the supplied Pattern. See AuthenticationConfiguration for a discussion of principal name canonicalization during authentication. When filtering data resolved for SAML AttributeQuery requests, the value is produced via NameIDConsumptionConfiguration.
|
Apply this rule if the principal starts with "hn":
<PolicyRequirementRule xsi:type="PrincipalNameRegex" regex="^hn.*$" /> |