The EntityAttributeRegexMatch type is a PolicyRule that returns true if the SAML metadata for the requester contains <mdattr:EntityAttribute> extension data matching the supplied parameterization.
The values do not undergo any attribute mapping; that is, the inverse of the SAML Attribute Encoding defined in the attribute-resolver.xml file is not applied. The rule therefore operates directly on the SAML Attribute content in the metadata.
The EntityAttributeRegexMatch type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
The deprecated saml:EntityAttributeRegexMatch type is defined in the urn:mace:shibboleth:2.0:afp:mf:saml namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd
Name | Type | Required? | Description |
---|---|---|---|
attributeName | String | Y | The SAML Attribute |
attributeValueRegex | String | Y | The regular expression to match against |
attributeNameFormat | String (URI) | | The SAML Attribute NameFormat to test against (if not specified, then matching is solely based on the Name) |
None
```xml
<PolicyRequirementRule xsi:type="EntityAttributeRegexMatch"
    attributeName="urn:example.org:policy"
    attributeValueRegex="^urn:mace:example.org.*$" />
```
```xml
[...]
<Extensions>
    <mdattr:EntityAttributes>
        <saml:Attribute Name="urn:mace:example.org:policy">
            <saml:AttributeValue>urn:mace:example.org:policy:ABCD</saml:AttributeValue>
            <saml:AttributeValue>urn:mace:example.org:policy:1234</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:mace:example.org:entitlements"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml:AttributeValue>urn:mace:example.org:entitlements:ABCD</saml:AttributeValue>
            <saml:AttributeValue>urn:mace:example.org:entitlements:1234</saml:AttributeValue>
        </saml:Attribute>
    </mdattr:EntityAttributes>
</Extensions>
[...]
```
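The following is an added example, not code from the Shibboleth project: a Python model of the matching semantics described above, for checking offline which requester metadata would satisfy a given rule. The function name, the entityID, the single-EntityDescriptor input and the whole-value regex match (`fullmatch`) are assumptions; the metadata is constructed from the sample on this page.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed requester metadata, modelled on the sample on this page.
SAMPLE_METADATA = f"""
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:mdattr="{NS['mdattr']}"
    xmlns:saml="{NS['saml']}" entityID="https://sp.example.org/shibboleth">
  <md:Extensions>
    <mdattr:EntityAttributes>
      <saml:Attribute Name="urn:mace:example.org:policy">
        <saml:AttributeValue>urn:mace:example.org:policy:ABCD</saml:AttributeValue>
        <saml:AttributeValue>urn:mace:example.org:policy:1234</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:mace:example.org:entitlements" NameFormat="{URI_FORMAT}">
        <saml:AttributeValue>urn:mace:example.org:entitlements:ABCD</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>
</md:EntityDescriptor>
"""

def entity_attribute_regex_match(metadata_xml, attribute_name, attribute_value_regex,
                                 attribute_name_format=None):
    """Return True if any value of the named entity attribute matches the regex."""
    pattern = re.compile(attribute_value_regex)
    root = ET.fromstring(metadata_xml.strip())
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    for attr in root.findall(path, NS):
        if attr.get("Name") != attribute_name:
            continue  # Name is compared literally; no attribute mapping is applied
        if attribute_name_format and attr.get("NameFormat") != attribute_name_format:
            continue  # NameFormat is only tested when the rule supplies one
        for value in attr.findall("saml:AttributeValue", NS):
            # Assumption: the regex must match the whole value.
            if pattern.fullmatch((value.text or "").strip()):
                return True
    return False
```

In `attributeValueRegex` an unescaped `.` matches any character, so `example.org` also matches a value containing `exampleXorg`; escape it (`example\.org`) when the rule gates attribute release.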