View Source

Overview

The NameIDFormatExactMatch type is a PolicyRule which returns true if the SAML metadata for a requester indicates support for the configured <NameID> format.

Schema Name

The NameIDFormatExactMatch type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:AttributeRequesterRegex type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Attributes

Name	Type	Required?	Description
nameIdFormat	URI	Y	The format to check for. Only exact matches against the `<md:NameIDFormat>` elements are made.

Child Elements

None

Example

<PolicyRequirementRule xsi:type="NameIDFormatExactMatch"
	nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />

This would match the following metadata extract:<SPSSODescriptor protocolSupportEnumeration="...">
[...]
    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
[...]
<SPSSODescriptor>