The Issuer
type (basic:AttributeIssuerString
prior to V3.4) is a PolicyRule which returns true if the name (generally the SAML entityID) of the system issuing the attributes (usually the IdP itself) matches a supplied string. It's not commonly needed but is of use in "multi-homing" scenarios in which the IdP may be representing multiple sources of attributes.
The Issuer
type is defined in the urn:mace:shibboleth:2.0:afp
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
The deprecated basic:AttributeIssuerString
type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd
Name | Type | Default | Description |
---|---|---|---|
value | String | Required, the string to match against | |
ignoreCase | Boolean | false | Optional, specifies how to perform the comparison |
None
The example reads "Apply this rule if the attribute issuer is named 'https://idp.example.org'".
<PolicyRequirementRule xsi:type="Issuer" value="https://idp.example.org" /> |