The ProxiedRequesterRegex
is a PolicyRule which returns true if the current profile request includes a signal that a downstream system is the actual intended recipient of the information and that recipient's name matches the supplied Java regular expression. In SAML, this corresponds to an <AuthnRequest>
carrying a <Scoping>
element that includes a matching <RequesterID>
.
The ProxiedRequesterRegex
type is defined in the urn:mace:shibboleth:2.0:afp
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Only one attribute may be specified
regex
: a required attribute which specifies the java regular expression to match againstNone
<PolicyRequirementRule xsi:type="ProxiedRequesterRegex" regex="^https://downstream.example.org/.*$" /> |